Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Researchers Hack and Disable a Car via an Insurance Dongle

by Fox Van Allen on August 12, 2015

2013 Corvette being hackedMore bad news on the car security front: Researchers have discovered yet another to remotely disable your vehicle. Yesterday, a team from the University of California at San Diego released a video, timed with their presentation at the Usenix security conference, demonstrating how they were able to hack and take over a 2013 Chevrolet Corvette via its ODB-II port. Worse yet, the researchers say that this hack could be applied to just about any vehicle on the road sold after January 1996.

The proof-of-concept video starts with the research team turning on the sports car’s headlights and wipers using a smartphone. They then showed off some of the hack’s more scary tricks, remotely applying and disabling the Corvette’s brakes. (You can watch the full video embedded below.)

The device used to hack the Corvette was acquired through Metromile, a car insurance company that provides its customers with a special cellular-enabled ODB2 dongle. That dongle is supposed to enable discounts for low-mileage drivers. Researchers instead used it as a remote gateway to the car’s computer systems, proving the existence of a pretty significant security hole.

For their part, Metromile, the insurance company that distributes the dongles, says it took the issue seriously when the UCSD researchers informed them of it in June. “Patches have been sent out to all the devices,” says Metromile CEO Dan Preston. He further confirmed that no hackings have been reported in the wild.

That’s good news for Metromile customers, but the USCD team says that other OBD-II dongles could be still be used to hack and disable a wide range of vehicles. So how do you keep safe? “Think twice about what you’re plugging in to your car,” recommends study researcher Karl Koscher.

“It’s hard for the regular consumer to know that their device is trustworthy or not, but it’s something they should give a moment’s thought to,” Koscher adds. “Is this exposing me to more risk? Am I ok with that?”

Earlier in the week, Techlicious reported that most cars’ remote entry systems can be compromised by a $32 device. And back in July, white-hat researchers Charlie Miller and Chris Valasek proved a vulnerability in Chrysler vehicles by hacking and remotely disabling a Jeep Cherokee.

[Image credit: USCD]


Car Tech & Safety, News, Travel & Entertainment, Blog

Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.