Bluetooth dongles provided to drivers by insurance companies to track driving habits are poorly secured, and could be hacked to hijack cars, reports The Register.
Security researcher Corey Thuen was looking at the SnapShot dongle, which Progressive Insurance provides to some two million American drivers to track their speed and location. He discovered that the devices are insecure, and could "allow hackers to hijack cars, including steering and braking systems," according to The Telegraph.
"The firmware running on the dongle is minimal and insecure," Thuen said, speaking to Forbes. "It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies… basically it uses no security technologies whatsoever."
"A skilled attacker could almost certainly compromise such dongles to gain remote control of a vehicle, or even an entire fleet of vehicles. Once compromised, the consequences range from privacy data loss to life and limb," he added.
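The first item on Thuen's list, "no validation or signing of firmware updates", is the control that would stop an attacker from pushing arbitrary code to the dongle. The following added example (not code from Thuen, Xirgo or Progressive) shows what that check looks like on the device side: an update image is accepted only if its authentication tag verifies under a device-provisioned key and its version is newer than the one installed. It assumes a hypothetical header format and a constructed demo key; HMAC-SHA256 stands in for the asymmetric signature a production bootloader would use so that the device holds only a public key.

```python
import hashlib
import hmac
import struct

# Constructed demo key for this example only. A real device would have the key
# (or, better, a public key) provisioned at manufacture in protected storage.
DEVICE_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)

# Hypothetical update header: magic, version number, payload length (big-endian).
HEADER = struct.Struct(">4sII")
MAGIC = b"FWUP"
TAG_LEN = 32  # HMAC-SHA256 digest size


def build_update(key, version, payload):
    """Package a firmware payload as header + payload + tag (tag covers both)."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_update(key, blob, installed_version):
    """Return (accepted, reason) for an incoming update image.

    Every structural check runs before the tag is compared, and the version
    check runs after it so that an attacker cannot use the version field to
    replay an old, authentic image (rollback).
    """
    if len(blob) < HEADER.size + TAG_LEN:
        return False, "truncated image"
    header = blob[:HEADER.size]
    magic, version, length = HEADER.unpack(header)
    if magic != MAGIC:
        return False, "bad magic"
    body_end = HEADER.size + length
    if body_end + TAG_LEN != len(blob):
        return False, "length mismatch"
    payload = blob[HEADER.size:body_end]
    tag = blob[body_end:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return False, "authentication failed"
    if version <= installed_version:
        return False, "rollback rejected"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample payload standing in for a real firmware image.
    good = build_update(DEVICE_KEY, 2, b"\xde\xad\xbe\xef" * 4)
    print("genuine update:", verify_update(DEVICE_KEY, good, installed_version=1))
    tampered = bytearray(good)
    tampered[HEADER.size] ^= 0x01  # flip one bit of the payload
    print("tampered update:", verify_update(DEVICE_KEY, bytes(tampered), 1))
    print("replayed old version:", verify_update(DEVICE_KEY, good, installed_version=2))
```

The point of the example is the ordering: parse, authenticate, then decide. An unsigned or modified image never reaches the version check, and an authentic but older image is still refused, which is the property the dongle lacked.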
The lack of security in the device would give an attacker access to the vehicle's CAN bus. Although Thuen performed his hack with a wired connection and a laptop, he said a remote attack would theoretically be possible by compromising the adjacent u-blox cellular modem. More broadly, he theorized that if Progressive Insurance's server infrastructure were compromised, the attack could be deployed at a much larger scale.
The manufacturers of SnapShot, Xirgo Technologies, did not respond to Thuen's private disclosure before he explained it publicly at the S4x15 conference in Miami. Progressive Insurance stated it had not been informed of the vulnerability before the talk, but "would welcome his confidential and detailed input so that we can properly evaluate his claims."