Security researchers have discovered a way to cut the brakes of a car by hacking into it through an Internet-enabled dongle. A team from the University of California at San Diego (UCSD) gained access to the onboard computer of a 2013 Corvette by sending text messages to a plugged-in gadget that measures a car’s location and speed for insurance companies.
“We acquired some of these things, reverse engineered them, and along the way found that they had a whole bunch of security deficiencies,” UCSD computer security professor Stefan Savage told Wired.
Savage’s team worked with dongles manufactured by French firm Mobile Devices, whose products are used by auto manufacturers and many third-party vendors. Although the USCD group was only able to cut the Corvette’s brakes when it was driving at slow speed, the hack’s success indicates that more security flaws are a real concern when it comes to connected cars. A few weeks ago, Wired published an article detailing how two security researchers conducted a demo in which they hacked into a Jeep that a Wired reporter was driving.
The device in question is marketed by San Francisco insurance company Metromile, which offers pay-per-mile insurance based on data logged by the dongle. The company entered into a partnership with Uber earlier this year.
The USCD researchers are presenting their findings at the security conference Usenix on Tuesday. They reached out to Metromile in June, after discovering the vulnerability; the company promptly pushed out an auto-generated software patch to customers.