Oh No, Flo! Hacking Progressive's Snapshot Dongle

A security researcher has been putting together a proof-of-concept hack for the Progressive Insurance Snapshot device (the plug-in dongle that tracks your driving activities in order to calculate your insurance rate based upon your actual behavior). Such a weakness could allow a hacker to access the car's own systems, and that can't be good; modern cars are pretty much two-ton mobile computers, so...
He [Corey Thuen] started by extracting the firmware from the dongle, reverse engineering it and determining how to exploit it. It emerged the Snapshot technology, manufactured by Xirgo Technologies, was completely lacking in the security department, Thuen said. “The firmware running on the dongle is minimal and insecure. It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies… basically it uses no security technologies whatsoever.”
