Hackers disable Corvette brakes by texting dongle belonging to Insurance company
After jeeps come the fast cars!. Researchers have already proved last month that they can hack a Jeep. Now another set of security researchers have discovered a way to cut the brakes of a car by hacking into it through an Internet-enabled dongle used by insurance companies.
A team from the University of California at San Diego (UCSD) gained access to the onboard computer of a 2013 Corvette by sending text messages to a plugged-in dongle that measures a car’s location and speed for insurance companies. The hack was demonstrated at the Usenix security conference in Washington DC.
Stefan Savage, a computer security professor from the University of California and leader of the project, told Wired: “We acquired some of these things, reverse engineered them, and along the way found that they had a whole bunch of security deficiencies. [The dongles] provide multiple ways to remotely…control just about anything on the vehicle they were connected to.”
Savage’s team worked with dongle which is called OBD2 dongle and manufactured by French firm Mobile Devices. Mobile Devices ships these dongles and and other products to many auto manufacturers and many third-party vendors. In United States, the dongle is marketed by San Francisco insurance company Metromile, which offers pay-per-mile insurance based on data logged by the dongle. Metromile issues these dongles to car owners for tracking vehicles and charging their insurance on a per-mile basis.
Although the USCD group was only able to cut the Corvette’s brakes when it was driving at slow speed, the hack’s success indicates that more security flaws are a real concern when it comes to connected cars.
The researchers said that they had notified Metromile about the vulnerability in June and Metromile had pushed out a software patch to its customers.