
Insecure dongle reportedly puts more than two million U.S. vehicles at risk

Digital Bond Labs security researcher Corey Thuen has found a way to unlock car doors, start a car, and gather engine information via a dongle known as "Snapshot" – a device used by Progressive Insurance to track driving habits for risk assessment and premium adjustment, according to Forbes.

The dongle is used in more than two million vehicles in the U.S., Forbes said.

A skilled hacker could compromise one to control a vehicle remotely, Thuen said, but a remote attack is only possible if a u-blox modem, which handles connections between the dongle and Progressive's servers, is compromised.

Ultimately, Snapshot's firmware is insecure, Thuen said: it has no validation or signing of updates, no secure boot, no cellular authentication, and no secure communications or encryption. He noted that compromising Progressive's backend infrastructure could enable control over “devices that make it out to the field.”
