A vulnerability ( pdf ) in a dongle which is used by insurance companies and fleet managers to monitor cars remote makes it possible for attackers to operate all kinds of parts via SMS. That the researchers today at the Usenix Security Conference show in Washington.
The C4 OBD2 dongle of the French Mobile Devices makes it possible to monitor the location, speed and efficiency of vehicles. The devices are plugged into the diagnostic port (OBD-II) of the car, that is usually located under the steering wheel.The device features a GPS receive, mobile phone chip and onboard microprocessor. If the car driving is the dongle communicates with CAN bus of the car. This is the internal network that controls the physical components of the car.
The dongle then sends information from the car via the GSM network to the provider. Researchers at the University of California managed by sending text messages to the dongle to control the CAN bus of the car. For their demonstration, the researchers used a red Corvette, as in the video below shows. Via text message, they could eventually turn the brakes and turn off and turn on the windshield wipers.
Update
The US insurance company which distributes the Metro Mile dongles in the US was warned in June by investigators for the leak. Both Mobile Devices as Metro Mile argue that they have rolled out an update that automatically over-the-air is installed.The CERT Coordination Center (CERT / CC) at Carnegie Mellon University warns that there is no way to verify that the update is installed.
Users who do not know whether their dongle is vulnerable therefore be advised to remove the device until the update can be confirmed. Through the leak, an attacker can cause damage to the car or provide human injury, according to the CERT / CC.According to Wired would still driving thousands of vulnerable cars, mainly in Spain.
No comments:
Post a Comment