Progressive Insurance’s “Snapshot” is Insecure – Hacker’s Says

Yeah, have you ever heard about snapshot? No, it is not something like capturing a view or photo related, but it is a device which is provided by a big auto insurance company, the Progressive. I think most people now this large auto insurance provider that lately offers such innovated device that will be helpful to obtain more discounts that currently become the most tempting feature provided of this solid company. Lots of people get it fine and of course they struggle to drive nicely, so the device will record the smooth driving for the sake of more discounts of the normal premium rate. Then, the question is, is it secure to add the device inside the car? Is there any flaws which have not beed revealed? Below is a short post related to snapshot that you must know!

It was Corey Thuen that braves himself to fight the temperatureof sub zero in the middle of snow flake pouring in Idaho. Some passerby might be perplexed with a man driving with a laptop on the hands tinkering with his old toyota tundra. He is actually a security researcher at Digital Bonds Labs, and he just presented his new finding entitled Remote Control Automobile. Yeah, he was tinkering with his car and also a laptop on his hands to find out whether the snapshot which is lately popular is secure or not. As he is an expert of automobile, then he decided to hack the device by connecting it to his laptop. The original function of the device is to record your driving manner, and then it will help the company to decide if you are qualified to obtain additional discounts. Moreover, it has been used more than two million vehicles in US. However, the device seems to be lack of security, and its insecure condition possibly used by hacker to take control on vehicular function.

Progressive Insurance’s “Snapshot” is Insecure – Hacker’s Says

Further, thuen also explained how the possibility that happened once he connected the device directly to his car. It is able to control the vehicular functions like unlock the door, start the engine, and even gather engine information. Then, he also adds that to control the vehicle is not the main purpose of his experiment, but he wants to figure out is possible to happen with that snapshot device. As he is an expert of automobile, it is easy for him to extract the firmware of the device and he found that the device is lack of security. There is no validation, update, insecure boot, no cellular authentication, insecure encryption and communication, no preventing data execution, and he can tell that snapshot is basically made with no security.

The insecure condition of the device makes high possibility for attacker to gain remote control on the vehicle and then the entire fleet of the vehicles. The consequences range widely from losing data until life and even limb. The attack vector of the progresssive backend infrastructure is another reason that endanger the driver as the hacker is possibly controling the device and making it out to the field.

However, it is likely that the provider offering snapshot, progressive auto insurance, stands still for its innovative feature that so far is used by million people with million vehicles. It also defens that security is the paramount of the company, so there is no need to feel insecure as the device is made to help ensuring customer safety. The company is also willingly to invite Thuen to give the evaluation, so progressive could make such innovation for security matter. It also becomes the concern on the another site in US that states hacking over the location data on a car is kind of privacy invasion, and hacking on the system on a car is a real thread for life. It is dangerous! The worst things that a hacker could do is taking steer control as well as the brake. It endangers the drivers life as well as others down the road. However, the company says that snapshot is simply a device that will personalize your driving habit based on your actual one. It also adds that the better you drive, then the more you can obtain from the company.

Leave a Reply

Your email address will not be published. Required fields are marked *