could result in loss of life
I hope their product liability insurance is up-to-date!
A bluetooth dongle used to track driver habits for insurance purposes has been hacked potentially allowing cars to be remotely hijacked, researcher Corey Thuen says. The attack targeted the SnapShot dongle offered by US company Progressive Insurance and used by two million American drivers which collected vehicle location and …
To be clear, the monitoring program is optional.
In exchange for allowing your insurance company to openly spy on you, you get a discount on said insurance. That is, as long as you obey the rules in the monitoring agreement. I'm sure if you speed a lot or do something else they don't like they'll jack your rates right back up.
And here I was just last week talking about how health insurance providers are trying to bribe people into their information via 'fitness trackers' through offering a discount for doing so.
Anyone who actually agrees to tell their insurance companies where they are and (often by extension) what they are doing at all times is just plain stupid. Unfortunately, the more people agree to this, the more prevalent it will become and the harder it will be to find policies that provide a good deal without you having to let them track you.
Before long, you will have governments wanting all this information as a matter of course - not just with a warrant. And they will use the same ridiculous arguments they do now, which amount to:
"But people give their personal information to Facebook - I don't understand why they wouldn't want us to have it all too."
It's up to everyone to resist this insidious push from every part of the commercial world for ever increasing amounts of our data.
One can imagine the ideal consumer:
Imagine how 'relevant' and 'personalised' the 'content' you receive will be! Awesome!
(And that's just when it's used for the relatively 'benign' purposes of getting you to buy crap and extracting maximum profit from everyone. When that data inevitably finds its way to even less ethical people it becomes extra-awesome.)
Life is short. Which is just as well because it's also nearly unbearably depressing.
But..but.. it's the wave of the future and the future is here now. It's been in all the papers. :) Yeah, I got hit on that... good driver/low mileage and let us track your car for lower rates. Except my car doesn't have any way for Bluetooth to work. No On-star, etc. The agent suddenly changed tactics and tried to talk me into getting a new car for lower premiums. I wonder how many idiots fall for that. I might have if (big IF) I needed a new car since their interest rate was like 1% (well below the bank's)..
But that's the game with the IoT's, give you a seemingly good deal while extracting and monitoring you. I wonder how many people would put up with such tracking and targeting if it was done by the government for, say, a lower tax rate? (I hope NSA doesn't read this... they might talk to Congress.)
And here I was just last week talking about how health insurance providers are trying to bribe people into [giving up] their information via 'fitness trackers' through offering a discount for doing so.
Yup. Our HR department just announced our participation in this "exciting program" from CIGNA. Personally I have no interest in fitness trackers, but if I did, I certainly wouldn't be sending the data to a for-profit corporation.
"Progressive Insurance said ...... it would welcome input on identifying the holes."
Because that's a lot cheaper and easier than doing it properly in the first place.
Why does the car control system accept inputs from a dongle that anyone can plug in? Why don't they have an output-only port for monitoring? A moment of thought would ......... oh.
Of course...then they tag your car as "too old" and "high risk" and your premiums shoot through the roof... and of course, all the car insurance people carry this out in order to stay competitive, so your only option is the mass transit station that's over a mile away over hills and other inhospitable terrain in an area known for frequent rain...
Since those problems are only relevant if you connect the dongle to an actual car... in that case they even advertise that they will track your every move.
If you use it the way it's intended, on a "car simulator", you should be safe. Never ever connect it to your car. That should be common sense.
> "A little box which messes with GPS signals?"
> Doesn't need to be so complex. Those boxes don't have GPS, they are connected to the CAN bus in a car. It should be fairly simple to emulate that.
You only need to intercept the speed data from the CAN bus and reduce anything over 30mph by 20% before it gets into the insurance company device. Should be enough to get the best premiums.
I've actually been thinking about building one. CAN bus isn't really that complicated. I figure it's only a matter of time until all insurance companies require them (or make rates so high, you can't afford insurance without using one). I would never install such a thing on my car.
I could move offshore, and sell them on Ebay. I'm really surprised no one has started doing it yet? I would have thought some Chinese company would already be making them? All you need is a simple dongle and some software for the PC.
It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies ... basically it uses no security technologies whatsoever.
Best. Review. Ever. There is nothing I can add to that. It is simply perfect.
And it's actually legal for an insurance company to foist something like that onto their customers.
Isn't there a law against that somewhere, just as there would be if a car more-often-than-not fell to pieces within a year. Or are we all expected to put up with shoddy IoT crap for the next 20 years because politicians have their e-mails printed out for them and have no idea about legislating in this area?
"And it's actually legal for an insurance company to foist something like that onto their customers."
"Isn't there a law against that somewhere,"
It is legal as long as they state they're doing it. A car hire company got into the shit a couple of years ago when they started issuing speeding "fines" by reading the GPS logs when the vehicle was returned. Never mind the fact a "fine" is a government legislated thing with tight restrictions that retard private car hire companies don't have the luxury to hoist on their customers anyway.
They "fixed" it by burying it in their fine print, and calling it a "fee" instead.
Ahh, the fine print, does it know no limits?
This device has no reason whatsoever to be transmitting on the CAN bus and the transceiver should be configured so that it is impossible for it to do so:
1) This would prevent it corrupting the bus if the device were to go faulty (which can also lead to undesirable behaviour);
2) It would be unable to change anything within the vehicle systems.
CAN is a broadcast bus (think of it as a distributed memory region). Only one node is permitted to "write" to a location by sending a message with a particular identifier value (unless you get into the use of more complex higher-level protocols), but any node is permitted to "read" it by receiving messages with that identifier.
All nodes participating in (active) bus communications transmit, even if it's just to say "received" or "that message was not valid when it got here". However, a device like this (assuming it's directly connected to the CAN bus, which is not always the case if it does via the OBDU connector) does not (and should not) send acknowledge bits, error frames or anything else as it is not part of the design and its failure modes have not been considered.
Most of these boxes work by sending OBD2 requests to the ECU for things like road speed, RPM, accelerator position. They combine that with accelerometer and GPS data to come up with some dubious driver style calculation. OBD2 is a request-response protocol so needs CAN BUS to be active.
However, the vehicle itself normally has a layer of security to prevent people from messing around with things, that's manufacturer and usually model specific, so would be difficult to do any real damage.
The box supplier should be more worried about people hacking it to send perfect driver style scores thus reducing the insurance premiums.
"This device has no reason whatsoever to be transmitting on the CAN bus and the transceiver should be configured so that it is impossible for it to do so:"
I can see a market for the "old school" hidden lockout switches. You know, the ones that prevent the engine from running till you flip the obscure switch?
This is the same, but disables the USB port on the dash (or wherever it is) except if you're taking it to the mechanics or such (and they'd probably have access to other ports anyway).
I think it would be able to create a decent driver profile with just that, you don't need to have access 100% of the time to see what sort of driver someone is for insurance purposes, you just need to know what times they drive, how fast they drive and how erratically.
The only issue is blocking GPS but the accelerometer should flag up any issues with that. Some people who drive along streets in major cities with large skyscrapers could be stopped from using that device due to lack of GPS signal but they could be offered the OBD version instead.
I guess the reason they plug into the vehicle information system is because they can and they are being overly obsessive.
Why on earth is a tool for monitoring how and where you drive allowed to mess with the car's controls? Shouldn't the point of a monitoring tool be to watch only? If this device can also control the car then isn't that a simple get-out in court in case of an accident? Or do the companies supply a separate insurance policy to cover the damage that may be caused by the dongle taking control ROTM style?
I expect that great fun will ensue the next time someone's airbags go off "for no reason" and one of these dongles is present. The victim's lawyer will sue a car company but disclose that an insurance dongle was plugged in. The car company will countersue the insurer (with heavyweight lawyers). The lawyers will get rich. The victim will probably get some compensation. I expect (or rather hope) that it's the insurer's no-security dongle that gets the blame.
I am seeing more and more reasons for driving around in an old car (pre-CANBUS).
So if you have one of these fitted to your car, it's actually better to hit the idiot who pulls out in front of you with no warning because if you brake harshly or swerve to avoid and don't hit anyone, it's your insurance premium that will go up because you'll be deemed a bad driver! Wonderful idea.
Most CAN transceivers have a passive mode for read-only but it's a software controlled feature. So your hackers could change it to get write access. I don't see what you could do in hardware to prevent this.
It strikes me there should be a manufacturer-provided port for this function based off an additional can-bus with copies of the relevant data. Anything writing to that would have no effect on the vehicle.
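The separation proposed in the comments above, sketched as an added example that is not part of any post in this thread and not any manufacturer's or insurer's code: a default-deny gateway between the OBD port and the vehicle bus that forwards only the service 01 requests for road speed, RPM and accelerator position that these boxes are said to need. The PID allowlist, the single-PID restriction, the names `gateway_allows` and `count_forwarded`, and the sample frames are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Classic CAN frame arriving from the dongle side of the gateway. */
struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

#define OBD_FUNCTIONAL_ID 0x7DFu /* OBD-II functional (broadcast) request */
#define OBD_PHYS_FIRST    0x7E0u /* physical request IDs 0x7E0..0x7E7 */
#define OBD_PHYS_LAST     0x7E7u
#define OBD_SVC_CURRENT   0x01u  /* service 01: show current data */
/* Assumed allowlist: the three values the comment names. */
static const uint8_t allowed_pids[] = { 0x0C /* RPM */, 0x0D /* speed */, 0x11 /* throttle */ };

/* Default deny: forward only single-PID service 01 requests for allowed PIDs.
 * ECU responses travelling the other way are not filtered by this function. */
bool gateway_allows(const struct frame *f)
{
    if (f == NULL || f->dlc < 3 || f->dlc > 8) return false;
    if (f->id != OBD_FUNCTIONAL_ID && (f->id < OBD_PHYS_FIRST || f->id > OBD_PHYS_LAST))
        return false;                              /* not an OBD-II request ID */
    if ((f->data[0] >> 4) != 0) return false;      /* ISO-TP single frame only */
    if ((f->data[0] & 0x0F) != 2) return false;    /* service byte + one PID */
    if (f->data[1] != OBD_SVC_CURRENT) return false;
    for (size_t i = 0; i < sizeof allowed_pids; i++)
        if (f->data[2] == allowed_pids[i]) return true;
    return false;
}

/* Constructed sample traffic, not captured from any device. */
static const struct frame samples[] = {
    { 0x7DF, 8, { 0x02, 0x01, 0x0D } },  /* speed request: forward */
    { 0x7E0, 8, { 0x02, 0x01, 0x0C } },  /* RPM request: forward */
    { 0x7DF, 8, { 0x02, 0x01, 0x2F } },  /* PID not on the allowlist: drop */
    { 0x7DF, 8, { 0x01, 0x04 } },        /* service 04, not service 01: drop */
    { 0x7E0, 8, { 0x02, 0x10, 0x03 } },  /* different diagnostic service: drop */
    { 0x123, 8, { 0x02, 0x01, 0x0D } },  /* non-diagnostic identifier: drop */
};

/* Number of sample frames the gateway would pass to the vehicle bus. */
size_t count_forwarded(void)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (gateway_allows(&samples[i])) n++;
    return n;
}

int main(void) { printf("forwarded %zu of 6\n", count_forwarded()); return 0; }
```

Because the filter sits in a separate node, compromised dongle firmware cannot switch it off the way it could re-enable a software-controlled listen-only transceiver mode.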
I had such an accident, was forced to brake hard enough to lock the wheels. My bike rose up onto front wheel, Tom Cruise style, but I still clipped the guy cutting me off. His insurance paid, but if he had moved half a second earlier, he would have cleared and I still would have been smeared across the highway with him having disappeared into the night.
I'm not an expert on the CAN bus, but it seems to me that if the only purpose of this dongle is to record data for insurance purposes it should have been designed to be "read only" off of the bus. Then there wouldn't be any issue about taking control of the car. Why even hook up any write lines for a function like this? I understand it needs to be able to query the bus for information - but that is way different from putting data on the bus and issuing a write command.
There would still be the issue of the logged data being easily available though.
I run a VC fund. We looked at investing in a company (they turned us down!) who can get all the data they need from a smartphone app with no need for access to CANBUS. This business model addresses the issue that US cars all have a standard port that a dongle like this can plug into but in Europe, black boxes for telematics in car insurance are all model / manufacturer specific and expensive custom installations. They have backing from a major European insurer.
The apparent risks of selective monitoring and fraud in this approach can all be dealt with by requiring minimum usage and regular photo evidence of tachometer readings, MOT, V5 docs etc. and investigating discrepancies.