Posted on 01/21/2015 4:41:43 PM PST by nascarnation
It was a mere two months ago that Israeli cyber-security researchers hacked into a device that plugs into the diagnostic port of a car and determined they could remotely control the vehicle from anywhere in the world. At the time, the simulated attack seemed like the automotive version of a canary in a coal mine. If researchers could breach this one device, perhaps other aftermarket products that plug into diagnostic ports were also vulnerable?
In short order, another cyber-security firm now reports finding serious flaws in a device used by more than 2 million motorists.
Researchers at Florida-based Digital Bond Labs say they have uncovered major problems in a device that Progressive Insurance uses to measure the driving habits of participating customers. By reverse-engineering the dongle, they gained access to a network that allows control of critical vehicle functions, like steering, braking and throttle inputs.
"What we found with this device was that it was designed with no security features," Dale Peterson, founder and CEO of Digital Bond Labs, tells Autoblog. "It wasn't even based on basic security coding practices. ... It's a house that has no doors, no windows and no fences, with valuables inside."
Peterson emphasized this was not a case of researchers exploiting a weakness in the dongle's security; it was simply that no security existed.
Yeah, I keep forgetting about that function. Gonna have to check "No" on that little box if I go to buy a new car.
I learned how to parallel park in a 1978 Buick Landyacht, my CR-V is like a Matchbox car compared to that...
Someone else has already offered an explanation, I see.
Newer cars have ‘fly by wire’ (so to speak) for steering. Not only for parking, as mentioned, but for turning at speed. There are cars that have rear wheel (limited) turning ability all controlled by the computer.
I never paid too much attention, but I thought the Snapshot was just temporary so they could give you a quote based on your driving habits. No way I would have such an obvious spy device on my vehicle long-term.
It is a temporary thing, typically used for a month or so based on their website. Not sure if it needs to be “renewed” occasionally or not.
Both of you are correct. However, if someone stuck a 'dongle' with wireless capability in your OBD II port, how long would it take before you noticed it was there ?
Probably a very long time to notice.
But I’ll take my chances.
And only 2 of my 4 vehicles are OBDII equipped.
And only 1 of those 2 with the steering interface.
Bookmark for later
Because she's in you face every 30 seconds if you watch TV.
I can't believe that Progressive (and others) ever pay any claims for what they must spend on advertising.
Mine was a 1956 Ford station wagon.
I could back that puppy into a shoe box in one swing. ;~))
Mine was a 1956 Ford station wagon.
I could back that puppy into a shoe box in one swing. ;~))
If there is any interaction between the power steering computer and power steering hydraulics it could alter the cars direction depending on the number and setup of the pump, pistons and return flow lines.
Ducks and salamanders are better spokesmen for insurance.
I have a BMW motorcycle (2015 R1200GS Adventure) with a Garmin Nav 5 GPS unit that has telemetry into the motorcycle’s computer. With the wireless and Bluetooth abilities I can imagine it might, maybe, be possible for someone to take control of the bike’s engine and brakes if that telemetry interface does more than download information to the GPS. *spooky* great, I think I just scared myself.
My view is that this is probably number 1,432,856 on the list of things to worry about.
But it’s nice to see Progressive getting trashed, that was really my motivation for posting this.
** SHUDDER **
I never quite understood what the Duck was selling, but I know damn well I'd never buy a anything off that slimy Brit lizard. You can tell he's a carny hustler. ;~))
Seriously, if those companies thought they had a really good product, something better than the competition, they would not resort those gimmick ad campaigns. They would not need to.
I like your motivations.
“Car Hacking..according to Flo she says Nailed It”
After a hacker remotely inflates the airbag, will Flo say “It’s in the bag”?
Who knows, maybe..I don’t care for Progressive but I tell ya, that Nailed It commercial makes me laugh
Ping.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.