Progressive “Snapshot” Dongle is Insecure; Puts Millions of Autos at Risk

According to Forbes Magazine, more than two million vehicles may be at risk thanks to insecure firmware in Progressive Insurance’s “Snapshot” dongle – a device used to track driving habits for risk assessment and premium adjustment.

Digital Bond Labs security researcher Corey Thuen discovered the vulnerability, which can be used to unlock car doors, start a car and gather engine information.

Snapshot’s firmware contains no validation or signing of updates, secure boot, cellular authentication, secure communications or encryption. A skilled hacker could control a vehicle remotely, Thuen said, but a remote attack is only possible if a u-blox modem, which handles connections between the dongle and Progressive’s servers, is compromised.

