{"id":5362,"date":"2015-01-27T05:39:19","date_gmt":"2015-01-27T10:39:19","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=5362"},"modified":"2020-02-26T15:10:51","modified_gmt":"2020-02-26T15:10:51","slug":"progressive-snapshot-car-hacking","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/progressive-snapshot-car-hacking\/5362\/","title":{"rendered":"Progressive Snapshot Exposes Drivers to Car Hacking"},"content":{"rendered":"

Not surprisingly, one researcher realized last week that he could exploit Progressive\u2019s Snapshot driver tracking tool<\/a> in order to hack into the on-board networks of certain auto-mobiles. Snapshot is a tool manufactured by Progressive auto insurance that plugs into the OBD-II port<\/a>. It\u2019s purpose is to monitor driving behaviour in order to offer cheaper insurance rates to safer drivers.<\/p>\n

For the uninitiated, the OBD-II is the input port down beneath and, in general, slightly to the left of your steering wheel. It\u2019s the port into which your mechanic plugs his emissions inspection machine to check all the codes in your car\u2019s computer systems to make sure you aren\u2019t polluting. It\u2019s also the port into which you can plug a diagnostic scanner to check why your check engine light has turned on.<\/p>\n

Very simply put, your car\u2019s computer network is going to consist of sensors, electrical control units and the controller area network<\/a> (CAN) bus. The ECUs, of which there can be very many, serve a variety of purposes, but mainly they process signals from sensors monitoring everything from engine control to airbags to any number of other things I\u2019ve never heard of. ECUs are connected together and communicate via the CAN bus. So, for example, if you crash your car, some sensor somewhere tells its ECU that it thinks you\u2019ve crashed, the ECU then passes that message along the CAN bus to another ECU that tells your airbag to deploy.<\/p>\n

@Progressive #Snapshot driver monitoring tool is insecure and exposes drivers to car hacking:<\/p>Tweet<\/a><\/blockquote>\n

The OBD-II port used<\/em> to be the only way to plug into and communicate with the CAN bus and its ECUs. New research shows that this can be done wirelessly as well<\/a>.<\/p>\n

At any rate, Digital Bond Labs security researcher Cory Thuen got his hands on one of these Snapshot devices, which are used in some two million cars. He reverse engineered it, figured out how it worked and plugged it into his Toyota Tundra. Then determined that Snapshot does not authenticate itself nor does it encrypt its traffic, contain digital validation signatures or offer a secure boot function.<\/p>\n

To be clear, Snapshot devices communicate with Progressive over the cellular network in plain text. This means that an attacker, for example, could pretty easily set up a fake cell tower and perform a man-in-the-middle attack.<\/p>\n

Its entirely possible that a remote hacker could inject code through a Snapshot dongle and onto the very network that controls your cars airbags and emergency brakes<\/div>\n

Despite these serious security lapses, the device has the capacity to communicate with the CAN bus. Therefore, its entirely possible that a remote hacker could inject code through a Snapshot dongle and onto the very network that controls your cars airbags and emergency brakes. Thuen\u2019s work stopped short of injecting code into the car\u2019s network. He claims he was merely interested in figuring out if there was any security in place to stop him from doing that.<\/p>\n

Before you panic, I spoke with IOActive\u2019s director of vehicle security research<\/a> and famed car hacker, Chris Valasek, about pumping malicious code into the CAN bus last year, and he assured me that it\u2019s easier said than done.<\/p>\n

\n

#Security<\/a> Holes in @Progressive<\/a> Dongle Could Lead to Car Hacks \u2013 http:\/\/t.co\/4iWReok2F4<\/a><\/p>\n

\u2014 Threatpost (@threatpost) January 19, 2015<\/a><\/p><\/blockquote>\n