Attack on quality-monitoring devices can cause collapse on US roads
Safety Specialist Corey Twain, using a laptop, hacked a Snapshot device that monitors driving quality and installed Progressive Insurance, one of the largest US insurance companies. Corey gained access to the ability to open and close doors, start cars and read information from the engine. All data is transmitted to the insurer via wireless networks, which makes the device vulnerable and dangerous for road users.
Cory Tuyen works as an information security researcher at Digital Bond Labs. He already had doubts about the safety of driving dongles, such as Snapshot. These devices provide insurers with impersonal data about driving quality, abrupt stops or speeding, and all driving habits on the road. Data from the devices are used for discounts on car insurance.
Cory used his own 2013 Toyota Tundra equipped snapshot as a guinea pig. To begin with, he downloaded the firmware from the dongle in order to find weak spots using reverse engineering. Corey could not find any security technology in a device manufactured by Xirgo Technologies. In this case, the dongle is used on 2 million cars that drive on US roads.
')
Cory Twain presented the results of his work on January 15 at the S4 conference in a report on remote control of cars.
Not in vain, security experts turned their attention to such devices, as well as to the initiative of General Motors to launch a program of "driver assessment." In all these cases, special equipment collects data and sends them over the air. If we forget for a moment about the security of personal data, because our smartphones will tell more about us than cars, then there remains a more important problem: the ability to control the engine and doors of a car through these devices.
Cory Tuyen works as an information security researcher at Digital Bond Labs. He already had doubts about the safety of driving dongles, such as Snapshot. These devices provide insurers with impersonal data about driving quality, abrupt stops or speeding, and all driving habits on the road. Data from the devices are used for discounts on car insurance.
Cory used his own 2013 Toyota Tundra equipped snapshot as a guinea pig. To begin with, he downloaded the firmware from the dongle in order to find weak spots using reverse engineering. Corey could not find any security technology in a device manufactured by Xirgo Technologies. In this case, the dongle is used on 2 million cars that drive on US roads.
')
Cory Twain presented the results of his work on January 15 at the S4 conference in a report on remote control of cars.
Not in vain, security experts turned their attention to such devices, as well as to the initiative of General Motors to launch a program of "driver assessment." In all these cases, special equipment collects data and sends them over the air. If we forget for a moment about the security of personal data, because our smartphones will tell more about us than cars, then there remains a more important problem: the ability to control the engine and doors of a car through these devices.
Source: https://habr.com/ru/post/375621/
All Articles