I recently got a letter from my auto insurance company offering me a deal: Install a little electronic gadget in our cars, and we would receive a discount on our insurance rates. The gadget would plug-in to the on-board computer and track how fast we were driving, how quickly we accelerated and braked, how far we drove and other information. It would periodically send that information to the insurance company.
The idea here is that by allowing the insurer to monitor how we drive, it could adjust our rates up or down over time based on how safely we behave behind the wheel. If the privacy implications of that don’t bother you, there may be other reasons to not to install these devices.
From Forbes writer Thomas Fox-Brewster:
Thuen, a security researcher at Digital Bond Labs who will present his findings at the S4 conference in a talk titled Remote Control Automobiles, has been figuring out how he might hack the vehicle’s on-board network via a dongle that connects to the OBD2 port of his pickup truck. That little device, Snapshot, provided by one of the biggest insurance providers in the US, Progressive Insurance, is supposed to track his driving to determine whether he deserves to pay a little more or less for his cover. It’s used in more than two million vehicles in the US. But it’s wholly lacking in security, meaning it could be exploited to allow a hacker, be they in the car or outside, to take control over core vehicular functions, he claims.
I doubt that hackers are going to suddenly start taking control of cars and sending them careening off bridges or crashing into other vehicles. But I also doubt that someone will try to break into my house this week — I’m still going to lock the doors when I go out.
For the record, Progressive is not my insurance company, so I have no personal knowledge of this particular device. But as the “Internet of things” creeps into every aspect of our life, safety and security will become much more important. The implications of a security breach like this go far beyond pilfered emails, stolen photos or even hacked credit cards. Criminal hackers could put life and limb in danger.
Let’s hope insurers, tech companies and automaker pay close attention to these issues.
Forbes: Hacker Says Attacks On ‘Insecure’ Progressive Insurance Dongle In 2 Million US Cars Could Spawn Road Carnage