Cyber security experts in the United States have hacked into a telematics dongle and used it to take control of a moving vehicle.
Researchers from the University of California at San Diego unveiled their startling finding at the Usenix security conference earlier this week in yet another blow to the security of connected cars.
Using carefully crafted text messages, the researchers were able to transmit commands to the telematics device which were used to stop and disable the brakes of a Corvette, wired.com
“We acquired some of these things, reverse engineered them, and along the way found that they had a whole bunch of security deficiencies,” Stefan Savage, the University of California at San Diego computer security professor who led the project, said of the hack.
Savage confirmed that by accessing the telematics device, they were able to “control just about anything on the vehicle they were connected to.”
The researchers hacked a device, similar to QBE
’s Insurance Box, which is used by US insurer Metromile who offer a pay-by-the-mile solution for Uber drivers in the United States.
“We took this very seriously as soon as we found out,” Metromile CEO Dan Preston told wired.com.
“Patches have been sent to all the devices.”
The telematics hack is the latest in a series of attacks on car-based technology.
Earlier this year, QBE
stressed the safety of their telematics devices compared with their American counterparts which were used in a hack and researchers recently took control of another vehicle through its on-board wifi.
Researcher Karl Koscher, who worked on the project, said that the latest breach should give customers pause for thought when it comes to telematics.
“Think twice about what you’re plugging into your car,” Koscher said.
“It’s hard for the regular consumer to know that their device is trustworthy or not, but it’s something they should give a moment’s thought to. Is this exposing me to more risk? Am I ok with that?”