If you buy car insurance from one of the big boys, it’s fairly likely you’ve been pitched on what amounts to a little black box, called a telematics device, easily installed in your car. Just plug it in, and it’ll track how you drive, and since you’re a good driver, you’ll save a boatload, right? Well, possibly. Or hackers might use it to cut your brakes.
Yep, no sooner did hackers demonstrate the ability to commandeer your Jeep through Chrysler’s networking system than security researchers at the University of California San Diego have proved pretty much any car with a tracking dongle on it is vulnerable. How? The dongle is connected to your car’s computer system; that’s how it gathers the data. By necessity, that means it’s connected to the CAN bus, but apparently nobody building these telematics devices realized that A) the communication is a two-way street or B) that securing something connected to a car’s physical systems would be a good idea.
So, by uploading a virus payload and then sending the right text message to the dongle, you can do anything you want to the physical systems of the connected car, from flip on the wipers to suddenly braking. This includes popping the locks, by the way, so if you were getting an insurance discount due to your fancy security system, you might want to ask them to up it.
It appears to be consistent across most telematics devices; this was a pilot test on one insurer’s device, but other devices are showing the same vulnerability. So if you’re worried about your safety on the road, it might be time to bargain with your agent instead of installing a widget.
(Via Wired)