Researchers from University of California, San Diego have demonstrated to hack Corvette by sending specially crafted SMS messages to a tracking dongle plugged to the car’s OBD-II (On-Board Diagnostics port). In a youtube video ( below) demonstrating the exploit, the researchers operated the windshield wipers, applied and deactivated the brakes at lower speeds.
( Dongle is a small device also called as a telematic control unit which is lately used by insurance companies to track user driving behavior.
“We acquired some of these things, reverse engineered them, and along the way found that they had a whole bunch of security deficiencies,” says Stefan Savage, the University of California at San Diego computer security professor who led the project.
This technique was used wirelessly hack into any of thousands of vehicles through a tiny commercial device: A 2-inch-square gadget that’s designed to be plugged into cars’ and trucks’ dashboards and used by insurance firms and trucking fleets to monitor vehicles’ location, speed and efficiency. – weird reports
“TCUs can be divided into those sold and integrated by the OEM itself (e.g., such as GM’s On-Star, Ford’s Sync, etc.) and those that serve the aftermarket (e.g., Progressive Snapshot’s, Automatic Lab’s Automatic, Delphi’s Connect, etc.),” the researchers explained in a paper.
The researchers primarily concentrated on one particular device, made by French company Mobile Devices and used in the US by a numerous insurance and transportation companies to track and monitor vehicles.
Video Displays the actual hack
Currently lot of insurance companies provide the dongle and promise to provide discount based on driving behavior. Without right security in place those dongles can cause serious damages to the user if right preventative measures are not taken to secure the dongle. Hence customers must stay away from such dongles.