Progressive Insurance

Hackers could commandeer up to 2m US vehicles via compromised Bluetooth insurance dongles

By John Glenday, Reporter

January 19, 2015 | 1 min read

As many as 2m US drivers using Bluetooth dongles devised by an insurance firm to log vehicle GPS and speed could be at risk of having their vehicles remotely commandeered by hackers, it has been claimed.

A weakness in the software used by Progressive Insurance was uncovered by security researcher Corey Thuen, prompting him to go public with his findings at a security conference. Speaking to Forbes, he said: “It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies ... basically it uses no security technologies whatsoever.”

By exploiting such vulnerabilities, a malicious hacker could potentially target the insurance firm’s servers in order to assume control of a vehicle’s accelerator and brake pedal.

Thuen concluded: “A skilled attacker could almost certainly compromise such dongles to gain remote control of a vehicle, or even an entire fleet of vehicles. Once compromised, the consequences range from privacy data loss to life and limb.”

In a statement, Progressive Insurance said it welcomed information identifying security problems.
