Corvette’s brakes hacked using an insurance dongle common in US cars

12 Aug 2015

A Corvette's brakes were hacked using an insurance dongle that is used in many vehicles to monitor speed and fuel efficiency

Corvette has joined Fiat Chrysler and Tesla among car manufacturers whose vehicles have been hacked by security researchers. The iconic US car’s brakes were hacked using an insurance dongle that is used in many vehicles to monitor speed.

Last month, Fiat Chrysler was forced to recall 1.4m vehicles after security researchers proved that they were able to execute a zero-day exploit on a Jeep Cherokee manufactured by Fiat Chrysler. The hackers were able to wirelessly take control of a jeep’s air conditioning, wipers, radio and dash console.

In recent days, white hat hackers showed they were able to take control of the Tesla Model S’s electric car’s main screen, manipulate the speedometer and even put on the handbrake if a car is going under 5Mph. Tesla moved swiftly to patch the vulnerability.

And now researchers have proved that there is an even easier way to hack vehicles and take control using common insurance dongles used to monitor speed and fuel efficiency that plug into car and truck dashboards.

According to Wired, at a Usenix security conference researchers from the University of California in San Diego hacked into a dongle connected to a Corvette.

By transmitting commands to the car’s CAN BUS they were able to turn on the Corvette’s windshield wipers and enable and disable the car’s brakes.

In effect, they were able to take control of the vehicle using just SMS instructions sent to a specific phone number on a SIM on the dongle.

As a result, they were provided with multiple ways to remotely control anything on the vehicle they were connected to.

The researchers warn that these dongles, which are increasingly common, are packed with a host of security deficiencies and this means that any car, not just a Corvette, a Tesla or a Jeep Cherokee, can be potentially hacked.

All CAN BUS-equipped cars have a standard diagnostics port called OBD2. In this case, researchers used a French-made OBD2 dongle made by Mobile Devices to allow start-up Metromile to use the device to monitor driving patterns for pay-per-mile insurance.

The fast and the vulnerable (video)

Corvette image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com