An electronic dongle used to connect to the onboard diagnostic systems of more than two million cars and trucks contains few defenses against hacking, an omission that makes them vulnerable to wireless attacks that take control of a vehicle, according to published reports.
US-based Progressive Insurance said it has used the SnapShot device in more than two million vehicles since 2008. The dongle tracks users' driving to help determine if they qualify for lower rates. According to security researcher Corey Thuen, it performs no validation or signing of firmware updates, has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols. SnapShot connects to the OBDII port of Thuen's 2013 Toyota Tundra pickup truck, according to Forbes ( http://www.forbes.com/sites/thomasbrewster/2015/01/15/researcher-says-progressive-insurance-dongle-totally-insecure/ ). From there, it runs on the CANbus networks that control braking, park assist and steering, and other sensitive functions.
http://arstechnica.com/security/2015/01/wireless-device-in-two-million-cars-wide-open-to-hacking/
(Score: 0) by Anonymous Coward on Thursday January 22 2015, @06:20AM
I recognize that this is something you *attach* to your car, but this is why I drive a '96. It doesn't have built in devices whose security design depends on the Goodness of People. Too many cars do, and for 2M vehicles to have been exposed to this sort of security nightmare is pretty obscene.
(Score: 2) by paulej72 on Thursday January 22 2015, @02:56PM
If it is a '96 then it does have these systems. '96 was the first year of the mandated OBD II connector for cars sold in the US (ignore me if you live elsewhere). So it might be possible to screw with your car.
Team Leader for SN Development