Tracker devices could give hackers control of your vehicle

Tracker devices on cars issued by insurance firms are reportedly leaving cars vulnerable to cyber attacks.

Corey Thuen, from consultancy firm Digital Bond, found that the SnapShot dongle, issued by US-based Progressive Insurance to track vehicle speed and location, can be hacked to command the car remotely.

Insurance companies place the trackers in vehicles to gather data on driving habits and use the collected data to determine the driver’s insurance risk and their policy price.

While reverse engineering the software of SnapShot, Thuen could gain access to some functions of the car’s CAN bus.

Thuen was quoted by Forbes as saying: "The firmware running on the dongle is minimal and insecure."

"It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies… basically it uses no security technologies whatsoever."

"The technology being used in them is outdated and vulnerable to attack which is highly troubling considering it is being used to remotely access insecure by design vehicle computers."

The vulnerability would enable hackers to gain remote control of a vehicle, or even the complete vehicle fleet.

Kaspersky Lab principal security researcher David Emm said: "This is just another example of how, as our cars become increasingly connected, we open the door to threats that have long existed in the PC and smartphone world."

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing