Hackers take control of car brakes using insurance dongle

The automotive hacking fraternity has been busy in recent months. The latest exploit has seen a team of security researchers taking over a cars brakes using an internet-enabled device people plug into their cars to save money on insurance.

The researchers, from the University California, San Diego have demonstrated that an OBD2 dongle — which plugs into a car’s dashboard and monitors its location, speed, and fuel efficiency — can be turned against a car and used to run the windscreen wipers and apply the brakes.

The exploit makes heavy use of SMS and allows the hackers to send commands to the car’s CAN bus.

“We acquired some of these things, reverse engineered them, and along the way found that they had a whole bunch of security deficiencies,” security researcher Stefan Savage, of University of California at San Diego told Wired. The dongles, he says, “provide multiple ways to remotely…control just about anything on the vehicle they were connected to.”

The OBD2 dongle is manufactured by France-based firm Mobile Devices and has a number of applications including the automotive insurance space.

The researchers say that other wireless devices might also have serious vulnerabilities.

“Think twice about what you’re plugging into your car,” UCSD security researcher Karl Koscher told Wired. “It’s hard for the regular consumer to know that their device is trustworthy or not, but it’s something they should give a moment’s thought to. Is this exposing me to more risk? Am I ok with that?”