Apparently All Cars Can Be Hacked Now: Insurance Dongle Edition

Hackers say they may be able to control any vehicle with a telematics-enabled sensor — including a popular sensor that insurance companies use for consumers — plugged into the car’s diagnostic port, according to Wired report (via The Verge).
In recent weeks, several hacks have surfaced — Chrysler, General Motors and Telsa — related to specific automakers. According to the report, the On-Board Diagnostic system hack could apply to any make or model fitted with an insurance or tracking dongle. The University of California San Diego researchers say they’ll present their findings at the Usenix conference Tuesday.
And, um, there’s no easy way to put this, but … it doesn’t appear that it would be all that hard to find cars with the dongles at the moment.

The story focused on a dongle provided by a Bay Area-insurance provider, MetroMile, who uses the dongle to charge customers by the mile. Hackers remotely shutdown a Corvette using the device by sending the dongle an SMS message that confused the device into controlling the car’s vital functions. The hackers say they could control steering, throttle and brakes using the hacks. Although the target was a Corvette, the researchers said they could apply the hack to many more cars.
From the story:
“It’s not just this car that’s vulnerable,” says UCSD researcher Karl Koscher. He points to the work of researchers Charlie Miller and Chris Valasek, who revealed and published the code for a wide array of attacks on a Toyota Prius and Ford Escape in 2013 that required only access to a vehicle’s OBD2 port. “If you put this into a Prius, there are libraries of attacks ready to use online.”
MetroMile says it wirelessly updated its devices when it became aware of the hack weeks ago.
Hackers say that the hack may apply to Progressive Casualty Insurance Company’s Snapshot device, which also uses telematics to transmit information, however hackers didn’t provide a proof of concept for the device’s vulnerabilities earlier this year.
The Wired story offered a tidbit of terrifying information: UCSD hackers scanned the web using Shodan and found “thousands” of hackable devices — mostly in Spain. It was unclear in earlier hacking reports how vulnerable cars could be targeted without first having direct contact with the car or physical access. Now, apparently, there’s a web search for that.
In addition to insurance dongles, the hackers say similar hacks could be used for dongles placed in fleet vehicles used for tracking.
The post Apparently All Cars Can Be Hacked Now: Insurance Dongle Edition appeared first on The Truth About Cars.