Another day, another drama in the world of car hacking. After we’ve all been blown away by how hackers can gain access to a car’s Telematic Control Units, four researchers from the University of California hit the pedal to the metal and proved there is an even easier way to hack a Chevrolet Corvette. They stopped the cars’ breaks by texting its dongle.
The researchers are not pointing their finger and shaking their heads only at Corvette. According to them, most cars that have a dongle plugged in their dashboard show the symptoms of this Achilles’ heel. Using the dongle to track a vehicle for insurance purposes might not be the smartest way, as demos keep pointing out.
The cars can be extremely vulnerable and controlled remotely without much hassle. More than a simple bug, these security deficiencies can lead to disastrous outcomes if not contained in time. By simply sending a text message directly to the dongle attached to the car, hackers can gain access to some of the vehicle’s parts.
Insurance companies use such dongles to keep an eye on the cars’ location, their performance and their speed. Researchers were able to carry out a test and hack a cheap dongle attached to a Corvette.
By texting its dongle, they managed to send commands to the vehicle’s internal network which has control over its physical driving parts. This move enabled them to take control over some parts of the car. They were able to turn on the Corvette’s windshield wipers and disable the brakes.
The experiment was carried out on a 2013 Corvette. The researchers claimed the brake trick only succeeded at low speeds because of some limitations in the vehicle’s computer functions.
Even so, they strongly believe the attack can be molded and adapted for almost any car. This translates into hackers being able to gain control to your car’s locks, steering and even transmission controls. How did the dongle manufacturer react?
According to the researchers, they contacted Metromile in June and told them about the cars’ vulnerable spot that can be activated by simply texting its dongle. The dongle distributor seems to have wirelessly distributed a security patch to its gadgets, stating they treated the issue very seriously from the very beginning.
Uber, who uses the same dongles that were hijacked in the researchers’ experiment said their Metromile gadgets have been brought up to date and any existing flaw has been removed.
At the same time, the group of researchers begs to differ. They hold their ground saying the vulnerable spot can be found in vehicles all around the world, from federal agencies to government cars.
As long as a car uses a gadget connected to the internet, hackers can remotely controll it by texting its dongle, leaving the car exposed to the hijacker’s plans.
