Recently, more car insurance companies have been using technology to track your driving habits. They can save you big bucks on your insurance bill by proving you're a safe driver.
It's all well and good to save money (there's no one that loves free more than I do), but sometimes there's a different price to pay when you save money. Now we know that at least one of these devices is extremely vulnerable to hacking.
Take, for instance, the Progressive car insurance "SnapShot" dongle. It's a gizmo that plugs into your car's computer to get speed and location info to create a custom insurance plan for you. And if you have it, your car could be hijacked.
About 2 million people in the U.S. have these SnapShot dongles in their cars, and even more have rival versions offered by other insurance companies. The problem with these gizmos isn't that they're plugged into your car; it's that there are no security systems on them whatsoever.
A researcher named Corey Thuen told Forbes, "It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies ... basically it uses no security technologies whatsoever."
Thuen reverse-engineered the SnapShot and found that its firmware was woefully outdated and unsecured. If the Progressive server were to be compromised, it could allow hackers to take control of steering and braking remotely, which "could result in loss of life."
Thuen attempted to notify the SnapShot manufacturer, Xirgo Technologies, about the potentially fatal flaw but received no response. He decided to go public with the information at the S4x15 conference in Miami to make sure that the company would take steps to fix this serious problem.
What does Progressive have to say about this? "Progressive Insurance said it was not informed before the talk and that it would welcome input on identifying the holes."