Millions of cars at risk just to save a few bucks on insurance

We all wish we were paying less for car insurance. Most of us are paying hundreds of dollars a year for insurance we’ll probably never use, and if we do try to use it the insurance company will do its best not to pay the claim, and then jack up your premiums. But, is it worth putting the safety of your vehicle at risk just to save a few bucks?

I wrote a blog post about how the Snapshot dongle from Progressive Insurance is insecure and puts cars at risk:

There are more than 2 million vehicles on the roads in the United States taking advantage of the Snapshot dongle to earn cheaper rates from Progressive Insurance. The little device monitors and tracks driving behavior to reward safe drivers but a security researcher has revealed that it is insecure and could also put the vehicle in danger.

According to the Progressive Insurance website, you just plug the Snapshot device into the OBD-II port in your vehicle. Most recent vehicles have one—it’s a diagnostic port typically found somewhere beneath the steering column. Snapshot then logs your driving habits, such as what time of day you drive, how you drive, and how hard you brake. Assuming you drive safely, Progressive will reward you with discounted rates on insurance.

Corey Thuen, a security researcher, scrutinized the Snapshot and the access it has to the vehicle computer systems, however, and discovered some serious concerns. Thuen reports that the device is completely lacking in security and can be exploited by a hacker to take control over crucial vehicle functions—possibly putting the lives of people inside the vehicle at risk.

“The story, highlighting how a Bluetooth dongle used to gather vehicle data can be compromised, provides another example of how, as our cars become increasingly connected, we open the door to threats that have long existed in the PC and smartphone world,” warns David Emm, principal security researcher at Kaspersky Lab. “As well as gaining remote access to the vehicle, cybercriminals could potentially exploit features such as self-parking, active lane control, pre-collision systems and adaptive cruise control, all of which require some level of communication between a sensor and the car’s mechanical systems.”

Read the full blog post on CSOOnline: Insecure Snapshot dongle puts 2 million cars at risk.

Scroll to Top