​Researchers hack a Corvette's brakes via insurance black box

Researchers exploit a Web-connected insurance monitor to hijack a car using text messages.

OBD-II dongles, stacked
Connected OBD-II dongles like these could be the Achilles' heel that leaves a car vulnerable to hacking. Antuan Goodwin/CNET

The list of ways to electronically hijack cars is growing thanks to devices used to monitor drivers' roadway behavior.

Recently, we've seen a wave of devices vying for placement in your car's onboard diagnostics port (known as OBD-II). These little plastic boxes promise to connect your car to the Web, help you boost your fuel economy and even lower insurance rates by reporting your driving habits wirelessly to your insurance company. But some of these little boxes could also be an Achilles' heel that leave their host cars vulnerable to hacking, warns a group of digital security researchers at the University of California at San Diego.

To illustrate, Wired reports, the researchers equipped a Chevrolet Corvette with one of these driver-monitoring telematics boxes and were able to take control of the vehicle using little more than SMS instructions sent to a specific phone number. The researchers were able to activate the wipers, engage the brakes and even disable the brakes at low speed. You can see the results in the video below.

This method of attack emerges amid heightened anxiety over hacks on Jeep, Tesla and OnStar. While those hacks targeted the dashboard entertainment system to make the jump to remote control of vehicle systems, by attacking the OBD-II dongle, the researchers gained direct access to the vehicle's electronic brain to commit acts of mischief. And the problem isn't limited to the Corvette; the researchers warn that any vehicle equipped with an insecure telematics dongle may be at risk.

The device exploited for those attacks were built by the French manufacturer Mobile Devices and distributed by insurance startup Metromile, which uses the dongles as part of its pay-per-mile car insurance program. The dongles were distributed to end users in a "developer mode" with the same private keys stored insecurely on every device, leaving every telematics dongle of this type open to intrusion once one had been reverse engineered. The devices were also configured to receive and execute commands received via SMS messages received over their cellular connection with almost no authentication.

The Metromile dongle was the only product reverse engineered and tested by the researchers. Products from other providers may be more secure or, as the UCSD researchers fear, just as vulnerable.

Mobile Devices and Metromile state that the vulnerability has already been patched, but the UCSD researchers claim that thousands of vehicles connected to other Mobile Devices distributors are still visible to their Internet search tools. The researchers urge drivers to take care. "Think twice about what you're plugging into your car," they said.

Close
Drag
Autoplay: ON Autoplay: OFF