Scroll Top

Progressive “Snapshot” Dongle is Insecure; Puts Millions of Autos at Risk

progressiveAccording to Forbes Magazine, More than two million vehicles may be at risk thanks to insecure firmware in Progressive Insurance’s “Snapshot” dongle – a device used to track driving habits for risk assessment and premium adjustment.

Digital Bond Labs security researcher Corey Thuen discovered the vulnerability that can unlock car doors, start a car and gather engine information.

Snapshot’s firmware contains no validation or signing of updates, secure boot, cellular authentication, secure communications or encryption. A skilled hacker could control a vehicle remotely, Thuen said, but a remote attack is only possible if a u-blox modem, which handles connections between the dongle and Progressive’s servers, is compromised.

Read More

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.