Insurance/Uber monitoring dashboard devices let hackers "cut your brakes" over wireless


#1

Originally published at: http://boingboing.net/2015/08/11/insuranceuber-monitoring-dash.html


#2

When are they going to realize, corporate America doesn’t want their do-gooding? If you spot a zero-day flaw in some system, just pass it along to Anonymous, who can use it to… I dunno… maybe have a couple of “accidents” that change the tilt of the Supreme Court?


#3

How would one go about buying a car with no wireless connections of any kind? No WiFi, no Bluetooth, no SIM card, no remote starter, no nothing? Is that even a thing?


#4

My car is reasonably new (Mazda 5, 1 year old). I believe it might have Bluetooth for connection to a mobile, never turned on. It has a SIM slot for the GPS, never used. No Wi-Fi (how could it?) and no remote starter.

So, pretty easily?


#5

I guess one could use a field strength meter or something to look for communications. Either unplug the module, or, barring that, patch the firmware to not use them.


#6

Thanks. I really don’t know - I have no car myself and am not in the market for one. I’ve just noticed that this or that wireless connectivity is increasingly part of the marketing for cars. I know that most of my friends’ cars seem to have some remote connectivity that I’m aware of - and that’s not counting the stuff I’m not even aware of because I don’t idly read other people’s car manuals. (I doubt I’d know if they have OnStar or this insurance company gizmo or something)

Plenty of cars do come with WiFi these days. I think the idea is to also have a router & cellular modem, but even without a SIM card, the WiFi might still be on.

Out of curiosity, have you checked whether the Bluetooth in your car is actually powered off when you turn off the feature? I don’t even know how I’d check that.


#7

I suspect I’m on a different continent to you, being in the UK.

As a country that will get your (US) bad ideas in ~5 years time, this is important to me. Can you not just buy cars that do not have these problems?


#8

They are typically options. Some manufacturers put them in every vehicle, but others are a few years behind. All this stuff is typically tied into the radio (sorry, entertainment center) anyway, so spending fifty bucks to get a CD-only stereo should suit your purposes.


#9

‘CD’?

Wouldn’t that get in the way of the 8 track slot?


#10

Last weekend we got rid of the car with the tape deck. Now I literally don’t know what to do with my Salt and Pepa cassette as I can’t play it on anything else. LOL!


#11

I have a soft spot for ‘O RLY’. It was a thing when I was [mumble].


#12

SRSLY.

<no descriptive for you!>


#13

Craigslist.


#14

Progressive doesn’t mandate Snapshot, but you get a discount if you opt in (and don’t drive like a maniac.)

From their FAQ:

Some devices collect location data: this is only for research purposes—we don’t use it to calculate your rate.

But the data is there for the collecting.


#15

If these guys wanted to be useful they’d figure a hack to overwrite the collected data with another data set. I’d like to get my discount and still drive like a maniac.


#16

Motorcycle

With a Prius I drive sometimes, it ceases all communication with the phone when I hit the power button*, despite the fact that the car itself somewhat stays on (keyless dongle and all that).

With my personal car (an early 00’s Ford) I recently got a Bluetooth-enabled OBD-II diagnostic scanner, which I’ve kept unplugged because it stays powered on and I kind of worry about the car battery.

*The thing that irritates me is that the 12v ‘cigar lighter’ charger port turns off in the Prius — the car with six large batteries, but runs all the time in the Ford — the car with one single rinky-dink battery that was probably the cheapest one the dealer put in.


#17

All cars have an “OBD” (on board diagnostic) port.

That is the port where the mechanic hooks up his scanner when your “check engine” light comes on. Not only can he see what the problem is, he can also change items or run things like fuel pumps etc. for diagnostic purposes (or here ABS failure modes).

This is the same port that insurance companies are using to “monitor” your driving behaviour. But this item is remotely accessible. And with this your car can be hacked.


#18

Yes. If you go to the company, you run the very real risk of prosecution. If you have any doubts whatsoever about how the company will respond, then you are better off just throwing the information out into the wild.

