Holes in Progressive Dongle Could Lead to Car Hacks
threatpost.com

A device that a popular car insurance company sends to customers to keep track of their driving and reduce their rate may be insecure and could be used to take control of a user’s vehicle. Progressive manufactures the device, a dongle called Snapshot that plugs into the OBD-II diagnostic port on most cars. Cory Thuen, a security researcher at Digital Bond Labs, described at a security conference last week how the device could be used to hack into some vehicles’ onboard networks.

The device, already in use in two million cars across the U.S., is designed to capture users’ driving habits in order to get them a better rate on car insurance. Thuen took Progressive up on its offer of a free trial for anyone who wants to try out the device.

After reverse engineering the device and plugging it into his Toyota Tundra, Thuen discovered the dongle not only fails to authenticate to the cellular network but also fails to encrypt its traffic. On top of that, the device’s firmware isn’t signed or validated and there’s no secure boot function. The dongle also uses FTP, a protocol now more than 30 years old and largely regarded as insecure.

Perhaps more distressing, the device runs on the CAN bus, the same standard that carries traffic for the vehicle’s transmission, brake system, airbags, cruise control, power steering, etc. That means the device sends messages over CAN whenever it requests specific information about the vehicle’s network systems. “Anything on the bus can talk to anything [else] on the bus,” Thuen told Kelly Jackson Higgins at Dark Reading last week.

Thuen went on to reason that since there’s no encryption, someone who wanted to spoof a cell tower could conduct a man-in-the-middle attack. Or one day, if Progressive’s servers ever got hacked, hackers could gain complete control over any affected cars.

Thuen presented his findings in a talk, “Remote Control Automobiles,” last week at S4x15, a conference held each January in Miami by Thuen’s employer, Digital Bond.

To read more: threatpost.com