UCSD computer scientist Stefan Savage and colleagues will present their work at Usenix Security: they were able to disable the brakes on a 2013 Corvette by breaking into a Mobile Devices/Metromile Pulse dongle, used by insurance companies to monitor driving in exchange for discounts on coverage.
Uber offers insurance to its drivers through Metromile; those drivers use Metromile devices. Metromile claims it has patched all the devices, but by scanning the Internet, the researchers were able to locate thousands of vulnerable vehicles on the road today that used the Mobile Devices dongle distributed in the US by Metro Mile.
Other insurance company/automotive telematics devices, including the Snapshot (mandated by Progressive Insurance), are also vulnerable. Federal regulations require federal agencies with more than 20 vehciles in their fleets to use the devices as well.
In the Mobile Devices dongles specifically, the UCSD team found a slew of serious security bugs. The gadgets had their “developer” mode enabled, allowing anyone who scanned for the devices to access them via SSH, a common protocol for remotely communicating with a computer. They stored the same private key on every device, which a hacker could immediately extract to gain complete “root” access on any of the dongles. And the Mobile Devices dongles were also configured to accept commands via SMS, a protocol with virtually no authentication. By sending texts to the devices from a certain phone number, anyone could rewrite their firmware or simply begin issuing commands to a connected car.
Hackers Cut a Corvette’s Brakes Via a Common Car Gadget [Andy Greenberg/Wired]
Ricardo Palacios, a 74-year old rancher, had gotten used to Customs and Border Protection officials tromping across his south Texas ranch lands without permission over the years. But finding a wireless surveillance camera set up in one of his trees? Not OK. Upon discovering the device, Palacios removed it immediately. It wasn’t long after that […]
Connecting voting machines to the internet is a terrible idea: the machines are already notoriously insecure, and once they're online, anyone, anywhere in the world becomes a potential attacker.
The only thing worse than driving a car with defective brakes is unknowingly driving a car with defective brakes -- and learning about them the hard way.
Many of us enjoy the aesthetic of vintage electronics, but trying to use most hardware from the 1950’s isn’t necessarily practical. This is especially true where speakers are concerned. While most of us can appreciate the old-school feel of retro speakers, they have a hard time matching the convenience and power delivered by today’s Bluetooth speakers. […]
Python is one of the most popular and versatile programming languages used by developers today, making it an ideal first choice for those looking to kickstart a career in programming. While you could go back to school or sign up for a pricey coding bootcamp, you can learn the essentials of coding with Python at […]
Going back to school isn’t necessarily an option for everyone. Between the time commitments and steep tuition rates, there are obstacles aplenty as far as furthering education is concerned. However, that’s not to say it’s impossible to learn new skills. Excel with Business lets users access thousands of hours of online learning in Microsoft, business, technology, […]