Car hackers have struck again, this time stopping a Chevrolet Corvette in its tracks, then not letting it stop at all.
The vehicle was fitted with a dongle from Metromile that plugs into a car’s OBD2 port to provide a stream of data that the company uses to charge insurance rates based on how a person drives. Such "by-the-mile" and "safe driver" plans are becoming increasingly popular across the United States, and this particular company provides the service to some Uber drivers.
Wired reports that researchers at the University of California at San Diego (UCSD) reverse engineered the cellular-connected device, discovered several security flaws, and developed a way to use it to control several of the 2013 Corvette’s systems by simply sending it text messages.
In a video demonstrating the exploit, they operated the windshield wipers and both applied and deactivated the brakes at low speeds. Although they only attacked the one car under controlled circumstances, they claim they would’ve been able to do similar things to just about any vehicle using one of the dongles, including taking control of the steering or transmission.
The researchers notified Metromile about the flaw in June before they publicized it, and the company says that it’s sent out a patch to fix it. However, the dongles, which were made by Mobile Devices of France, are used by other insurance providers and fleet management firms around the world, and the UCSD team says it has spotted thousands of still-vulnerable vehicles via the Internet.
Mobile Devices has yet to comment on the hack.