Skip to main content

Researchers wirelessly hack a Corvette's brakes using an insurance dongle

Researchers wirelessly hack a Corvette's brakes using an insurance dongle


The company has patched the fix, but the hack could be used on other cars

Share this story

Researchers at the University of California at San Diego have found a way to wirelessly hack thousands of vehicles by exploiting the on-board diagnostics (or OBD) devices that insurance companies use to monitor speed and location. In a video posted to YouTube (seen above), they were able to activate the windshield wipers and engage or disengage the brakes of a 2013 model Corvette by sending an SMS message to the OBD dongle's cellular radio. More details about the vulnerability will be revealed at the Usenix security conference today, according to Wired.

The OBD attack isn't limited to just Corvettes, or Chevrolets for that matter. The researchers also told Wired that, while they were only able to tamper with the Corvette's braking system at low speeds, the hack could be modified to grant access to other systems like the locks, steering, and transmission of most modern vehicles.

The hack could be modified to access most modern vehicles

The specific dongle in question is made by French company Mobile Devices and distributed by a San Francisco insurance startup called Metromile, the latter of which has a partnership with Uber. The researchers say they alerted Metromile to the vulnerability in June, and the company responded by wirelessly pushing security updates to the devices in question (including the ones in various Uber vehicles).

Still, this kind of vulnerability isn't just about general consumers. In March, the White House mandated the use of these OBD monitoring systems in federal agencies with fleets of 20 vehicles or more. But the bigger issue at play is that car owners who are willing to plug a wireless device into their car's internal network will always be stuck relying on that third-party company to stay ahead of these types of vulnerabilities.

The UCSD hack is the newest in a recent rash of security vulnerabilities in cars that is raising questions about whether automakers and suppliers — who don’t necessarily have the experience wrestling with cybersecurity that Silicon Valley does — should be moving as quickly as they are to connect their products to the internet.