A team from the University of California at San Diego (UCSD) gained access to the onboard computer of a 2013 Corvette by sending text messages to a plugged-in dongle that measures a car’s location and speed for insurance companies. The hack was demonstrated at the Usenix security conference in Washington DC. Savage’s team worked with dongle which is called OBD2 dongle and manufactured by French firm Mobile Devices. Mobile Devices ships these dongles and and other products to many auto manufacturers and many third-party vendors. In United States, the dongle is marketed by San Francisco insurance company Metromile, which offers pay-per-mile insurance based on data logged by the dongle. Metromile issues these dongles to car owners for tracking vehicles and charging their insurance on a per-mile basis. https://www.youtube.com/watch?v=-CH9BvFlrGs Although the USCD group was only able to cut the Corvette’s brakes when it was driving at slow speed, the hack’s success indicates that more security flaws are a real concern when it comes to connected cars. The researchers said that they had notified Metromile about the vulnerability in June and Metromile had pushed out a software patch to its customers.
