According to Forbes Magazine, more than two million vehicles may be at risk thanks to insecure firmware in Progressive Insurance’s “Snapshot” dongle – a device used to track driving habits for risk assessment and premium adjustment.
Digital Bond Labs security researcher Corey Thuen discovered the vulnerability, which can be used to unlock car doors, start a car and gather engine information.
Snapshot’s firmware contains no validation or signing of updates, secure boot, cellular authentication, secure communications or encryption. A skilled hacker could control a vehicle remotely, Thuen said, but a remote attack is only possible if a u-blox modem, which handles connections between the dongle and Progressive’s servers, is compromised.