Is Your Driver Black Box Secure?

A recent investigation carried out in the US that examined the security of insurance company supplied tracker devices has shown that a very serious loophole may exist. Corey Thuen investigated the ‘Snapshot’ driver black box that is used by Progressive Insurance to track the speed, location and driving tendencies of over 2 million drivers. The idea is that once this tracker data is received, insurance premiums can often be lowered for drivers who demonstrate good behavior on the roads. However, Mr Thuen, who works for a consultancy firm called Digital Bond, found that by reverse engineering the software he was able to access the vehicle’s CAN bus. This CAN bus is a part of the vehicle that lets different electronic and digital components talk to each other, so the fact that access to this is possible would be of great concern. In an interview with Forbes, Mr Thuen said that “The firmware running on the dongle is minimal and insecure,” and that “It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies…. basically it uses no security technologies whatsoever.” The CAN bus has control over a range of functions, from braking to door locks to a vehicle’s steering, so this potential lack of security is something that needs to be tackled head-on…

 

Black Box

 

You can find more details here at telegraph.co.uk

Comments are closed.