{"id":4511,"date":"2015-01-27T10:00:56","date_gmt":"2015-01-27T15:00:56","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=4511"},"modified":"2020-02-26T18:59:33","modified_gmt":"2020-02-26T14:59:33","slug":"progressive-snapshot-car-hacking","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/progressive-snapshot-car-hacking\/4511\/","title":{"rendered":"Progressive Snapshot Exposes Drivers to Car Hacking"},"content":{"rendered":"

A researcher discovered last week that he could exploit Progressive\u2019s Snapshot driver tracking tool<\/a> in order to hack into the onboard networks of certain automobiles. Snapshot is a tool manufactured by Progressive auto insurance that plugs into the OBD-II port<\/a>. Its purpose is to monitor driving behavior in order to offer cheaper insurance rates to safer drivers.<\/p>\n

\"Progressive-Snapshot-Hack\"<\/a><\/p>\n

For the uninitiated, the OBD-II is the input port beneath and, in general, slightly to the left of your steering wheel. It\u2019s the port into which your mechanic plugs his emissions inspection machine to check all the codes in your car\u2019s computer systems to make sure the vehicle isn\u2019t releasing harmful pollutants. It\u2019s also the port into which you can plug a diagnostic scanner to check why your check engine light has turned on.<\/p>\n

Simply put: Your car\u2019s computer network consists of sensors, electrical control units, and the controller area network<\/a> (CAN) bus. The ECUs, of which there can be very many, serve a variety of purposes, but mainly they process signals from sensors monitoring everything from engine control to airbags, to any number of other components most have never heard of. ECUs are connected and communicate via the CAN bus. For example: If you crash your car, a sensor tells its ECU that it thinks you crashed, and the ECU then passes that message along the CAN bus to another ECU that tells your airbag to deploy.\u00a0<\/p>

@Progressive #Snapshot driver monitoring tool is insecure and exposes drivers to car hacking:<\/p>Tweet<\/a><\/blockquote>\n

The OBD-II port used<\/em> to be the only way to plug into and communicate with the CAN bus and its ECUs. New research shows that this can be done wirelessly as well<\/a>.<\/p>\n

Digital Bond Labs security researcher Cory Thuen got a Snapshot device, which is used in nearly two million cars. He reverse engineered it, figured out how it worked, and plugged it into his Toyota Tundra. Then determined that Snapshot does not authenticate itself nor does it encrypt its traffic data, contain digital validation signatures, or offer a secure boot function.<\/p>\n

To be clear, Snapshot devices communicate with Progressive over the cellular network in plain text. This means that an attacker could pretty easily set up a fake cell tower and perform a man-in-the-middle attack.<\/p>\n

It\u2019s entirely possible that a remote hacker could inject code through a Snapshot dongle and onto the very network that controls your car\u2019s airbags and emergency brakes.<\/div>\n

Despite these serious security lapses, the device has the capacity to communicate with the CAN bus. Therefore, it\u2019s entirely possible that a remote hacker could inject code through a Snapshot dongle and onto the very network that controls your car\u2019s airbags and emergency brakes. Thuen\u2019s work stopped short of injecting code into the car\u2019s network. He claims he was merely interested in figuring out if there was any security in place to stop him from doing it.<\/p>\n

Before you panic, I spoke with IOActive\u2019s director of vehicle security research<\/a> and famed car hacker, Chris Valasek, about pumping malicious code into the CAN bus last year, and he assured me that it\u2019s easier said than done.<\/p>\n

\n

#Security<\/a> Holes in @Progressive<\/a> Dongle Could Lead to Car Hacks \u2013 http:\/\/t.co\/4iWReok2F4<\/a><\/p>\n

\u2014 Threatpost (@threatpost) January 19, 2015<\/a><\/p><\/blockquote>\n