Mobile Devices and Metromile state that the vulnerability has already been patched, but the UCSD researchers claim that thousands of vehicles connected to other Mobile Devices distributors are still visible to their Internet search tools.
Advertisement
As if recent research on vehicle hacking wasn’t frightening enough, a new study shows yet another danger to increasingly networked vehicles. The company, Wired reports, has recently partnered with Uber, offering the devices to contract drivers for an insurance discount. It’s pretty common to find cars with an OBD2 dongle – they’re regularly handed out by insurance companies to track cars.
To illustrate, the researchers equipped a Chevrolet Corvette with one of these driver-monitoring telematics boxes and were able to take control of the vehicle using little more than SMS instructions sent to a specific phone number. The hackers, as well as those concerned believe that this hack can easily be modified to access systems like locks and transmissions, and steering of most modern cars.
But some of these little boxes could also be an Achilles’ heel that leaves their host cars vulnerable to hacking, warns a group of digital security researchers at the University of California at San Diego.
“We acquired a few of these issues, reverse engineered them, and alongside the best way discovered that that they had an entire bunch of safety deficiencies”, stated Stefan Savage, the College of California at San Diego pc safety professor who led the venture.
They developed a two-stage attack which updated the device’s software and then allowed them access to funnel commands to the CAN bus.
Wired reported last month how researchers remotely took control of a Jeep Cherokee traveling along the freeway through its information system. In their demonstration video using a cherry-red Corvette, the vehicle’s windshield wipers were started remotely.
Savage’s team worked with dongles manufactured by French firm Mobile Devices, whose products are used by auto manufacturers and many third-party vendors.
Advertisement
The OBD attack isn’t limited to just Corvettes, or Chevrolets for that matter. This is a class of device that should be considered the same way we consider a medical device. More details about the vulnerability will be revealed at the Usenix security conference today, according to Wired. If you’ve ever had a check engine light come on and brought your auto to a shop, the first thing a technician usually does is plug a scanning device into the OBDII port to diagnose the problem.
