Hacker: 2M Progressive Insurance Dongles Are Vulnerable To Attack

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
If you have Progressive Insurance, you will definitely want to read this.

Thuen, a security researcher at Digital Bond Labs who will present his findings at the S4 conference in a talk titled Remote Control Automobiles, has been figuring out how he might hack the vehicle’s on-board network via a dongle that connects to the OBD2 port of his pickup truck. It’s used in more than two million vehicles in the US. But it’s wholly lacking in security, meaning it could be exploited to allow a hacker, be they in the car or outside, to take control over core vehicular functions, he claims.
Click to expand...
 
So that's how that one guy with the talking car that had the swooshy red lights on it was able to turn on brakes and stuff! Life's mysteries are answered by [H]! :)
 
Yeah...never going to have one of these nannys in my car. If my insurance company saw how I drove they'd triple my rates.
 
It makes me want to keep my 80's car all the more. None of this nonsense on those cars. In fact I wonder if that's a selling point instead.
 
when i got my new STI, i didn't like the idea of these things, but my rates were retarded. got past break in, and signed up for this shit. put up with it for a month and a half. i now enjoy 35% lower insurance rates and nobody hacked into my car and killed me, so whatever. worth it.
 
I feel like If I had an STi and the dongle reported the way I drove, I would not be seeing a DECREASE in my rates.
 
it was a challenge, believe me. i managed to drive like a grandma for that month and change though.
 
If only I could switch my dongle on.
Fitted it, accidental foot swipe kicked off the power switch.
Lack of access denies me the ability to remove the dongle, doh!
 
vsboxerboy said:
I feel like If I had an STi and the dongle reported the way I drove, I would not be seeing a DECREASE in my rates.
Click to expand...

They claim that your rates will never be increased, but I'm sure they'd change that attitude when they see something like "Max Speed: 130 mph".
 
Nenu said:
If only I could switch my dongle on.
Fitted it, accidental foot swipe kicked off the power switch.
Lack of access denies me the ability to remove the dongle, doh!
Click to expand...

Just to be clear...

Are we talking about electronics here?
 
The Progressive dongle doesn't quite work the way you guys think. Basically you plug it in for a few weeks and it monitors speed and braking. No sudden stops is what gets you a rate cut, basically. I plugged it in, drove like a granny for a few weeks, and sent it back. My rate adjustment is now permanent.
 
SilverSliver said:
The Progressive dongle doesn't quite work the way you guys think. Basically you plug it in for a few weeks and it monitors speed and braking. No sudden stops is what gets you a rate cut, basically. I plugged it in, drove like a granny for a few weeks, and sent it back. My rate adjustment is now permanent.
Click to expand...

this. small price to pay for the savings involved (in most cases).
 
SilverSliver said:
The Progressive dongle doesn't quite work the way you guys think. Basically you plug it in for a few weeks and it monitors speed and braking. No sudden stops is what gets you a rate cut, basically. I plugged it in, drove like a granny for a few weeks, and sent it back. My rate adjustment is now permanent.
Click to expand...

How much do you actually save to have to drive like a granny for a few weeks? Also, imposing artificial constraints in the name of "safe" driving can actually be more dangerous -- for example, slowly accelerating to highway speeds instead of matching the speed of already present traffic.
 
viscountalpha said:
It makes me want to keep my 80's car all the more. None of this nonsense on those cars. In fact I wonder if that's a selling point instead.
Click to expand...

1. OBD has been around since the 80s. Maybe your car doesn't have it, but some do.

2. You have to install this yourself. No car itself can be hacked. I assume the hacker has to have access to the dongle anyways to hack it.
 
DocSavage said:
How much do you actually save to have to drive like a granny for a few weeks? Also, imposing artificial constraints in the name of "safe" driving can actually be more dangerous -- for example, slowly accelerating to highway speeds instead of matching the speed of already present traffic.
Click to expand...

I saved 13%.
 
PCunicorn said:
1. OBD has been around since the 80s. Maybe your car doesn't have it, but some do.

2. You have to install this yourself. No car itself can be hacked. I assume the hacker has to have access to the dongle anyways to hack it.
Click to expand...

OBD2 is what the article says. I'd be surprised if it supports OBD1.

My car is a 95 and has OBD1. In the 96 version, they started using OBD2.
 
chockomonkey said:
OBD2 is what the article says. I'd be surprised if it supports OBD1.

My car is a 95 and has OBD1. In the 96 version, they started using OBD2.
Click to expand...


Thanks chockomonky. Obd1 is very limited and isn't chattering away to the manufacturer like bmw is

FTA-

"Privacy of data within cars is also a growing concern, one highlighted by Thuen’s research. BMW this week said it had repeatedly been asked by technology companies and advertisers to hand over the data their cars generated, but it has refused to give in to those requests."

My response is to modern cars that have all this stuff that can be used against us. I always worry Onstar could be used against someone if they pissed off the wrong person. So- This is NOT just a progressive dongle issue. This is a computer meets car issue.
 
Ultima99 said:
Don't get your dongle hacked!
Click to expand...


Tell that to John Wayne Bobbitt

aMSdR.jpg
 
tacos4me said:
this. small price to pay for the savings involved (in most cases).
Click to expand...

It's not quite permanent actually, can be removed if you get in an accident at fault for sure. Probably a few other things in small print.
 
You must log in or register to reply here.
Back
Top