Covid-19 Outbreak SA Online Resource | More info
Insurance, Car Insurance, Funeral Cover, Life Insurance, Budget Insurance, Insurance Quotes, CompareGuru, South Africa.
Car and Household
Business
Life and Funeral
Car Insurance
Cover your vehicle
More Information
Get Quote
Pre-Owned Warranty
Cover the mechanical and electrical components of your vehicle
More Information
Get Quote
Extended Warranty
Cover the mechanical and electrical components of your vehicle
More Information
Get Quote
Scratch and Dent
Cover small dents, chips and scratches to your vehicle
More Information
Get Quote
Tyre and Rim
Cover damages to your wheels
More Information
Get Quote
Home Insurance
Cover your home and everything in it
More Information
Get Quote
Commercial Vehicle Insurance
Protect vehicles and drivers used in the day-to-day operation of your business against risks like financial loss, damage or personal injury.
More Information
Get Quote
Commercial Insurance
Provide cover against common risks and disruptions to business operations, such as theft, damage to property, employee / client injury and much more.
More Information
Get Quote
Directors and Officers Liability
Safeguard your business and key players from financial loss with the right policy.
More Information
Get Quote
Errors and Omissions Liability
Covers your business and employees against claims of negligence, poor workmanship, and more.
More Information
Get Quote
Life Insurance
Provide for your loved ones
More Information
Get Quote
Disability Insurance
Protect your paycheck
More Information
Get Quote
Serious Illness Insurance
Cover yourself for illnesses like cancer, Alzheimers, Parkinsons, strokes or heart attacks.
More Information
Get Quote
Funeral Cover
Protect your family financially and cover funeral expenses
More Information
Get Quote
Domestic Worker Insurance
Cover the person that looks after you and your family everyday
More Information
Get Quote
Menu
Home
About Us
Domestic Worker Cover Quote
Life Insurance Quote
Car Insurance Quote
Funeral Insurance Quote
Extended Warranty Quote
Pre-Owned Warranty Quote
Scratch and Dent Quote
Tyre And Rim Quote
News Room
Meet The Team
Careers
Providers
Insurance
Car Insurance
Building Insurance
Household Contents Insurance
Life Insurance
Disability Insurance
Serious Illness Insurance
Domestic Worker Insurance
All Risk Insurance
Funeral Insurance
MotorVAPS Cover
Commercial Insurance
Commercial Vehicle Insurance
Directors and Officers Liability Insurance
Errors and Omissions Liability Insurance
Support
Contact Us
Terms of Service
Privacy Policy
Disclosures
Client Letter
POPI Act
PIA Act
CIM Policy
Complaint Escalation
TCF Form

News Room

Next to Get Hacked: Your Car

Compare Guru
2015-01-28
Modern vehicles are built with a range of computerised systems that control and monitor security, fuel, engine management and more. Unfortunately, these systems are vulnerable to compromise.

Written by Andrew Smith and Blain Price

 

Theft of vehicles is about as old as the notion of transport — from horse thieves to hijackers. No longer merely putting a brick through a window, vehicle thieves have continually adapted to new technology, as demonstrated by a new method to steal a car without the need to be anywhere near it.
 
Modern vehicles are built with a range of computerised systems that control and monitor security, fuel, engine management and more. Most new cars are fitted with Bluetooth connectivity and USB sockets, so it was only a matter of time before reports of criminals abusing these systems appeared.
 
The use of so-called Bad USB memory sticks to hijack systems has been reported, but the most recent issue involves a port fitted in virtually every car on the road today, the 30-year-old On-Board Diagnostic port (OBD-II). So put away that coat hanger — car theft has got a lot more technological.
 
At the recent S4 security conference, researcher Corey Thuen shared his concerns regarding a specific OBD-II dongle provided by US insurer Progressive Insurance. Designed to track driving habits, the dongle “phones home” to report back to the company via the mobile phone network, and the driver is awarded a lower premium if his or her driving habits demonstrate no dangerous driving — speeding, hard accelerating or braking.
 
Unfortunately, the port also provides read and write access to the car’s engine management system. If a remote attacker was able to use a man-in-the-middle attack — intercepting traffic between the car and the company’s servers while passing themselves off as one or the other — they could compromise the dongle, and so have complete control over the car’s engine. Potentially, this attack could compromise not just a single vehicle but fleets of vehicles, depending on what data was exposed from the company’s servers.
 
The main issue is for manufacturers to design products with security in mind, and provide updates swiftly once security flaws and vulnerabilities such as these are discovered. Some manufacturers are much better at doing so than others.
 
In this case, the dongle does not attempt to validate or demand signed firmware updates, its boot process is not secure, it doesn’t authenticate the mobile phone connection, nor encrypt the data it sends, nor is it hardened in any way against potential attacks.
 
“Basically it uses no security technologies whatsoever,” Thuen remarked. It’s essentially an open door.
 
Other security compromises based on computer systems in cars include using Bluetooth MP3 players, where malware disguised as a music track is loaded into the car’s systems to compromise them, or through applications on smartphones that use the Bluetooth connection to access the car’s systems.
 
On top of the distinctly disturbing idea of your car being hijacked and remotely controlled, there are also privacy concerns about the data the car collects about you. As well as information about driving habits, GPS data can locate you and build a pattern of your comings and goings, posing further risks.
 
There’s long been a problem here due to closed, proprietary systems to which you the owner and user don’t have access — something open rights campaigners such as the journalist Cory Doctorow have noted.
 
Usually, security advice includes not clicking on dodgy links, and keeping your antivirus and other software up to date. But with a car you are choosing to place your body inside a one-ton computerised cage travelling at 120km/h, which may no longer be in your control.
 
The solution, long understood by security researchers, is that software needs to be open to inspection so that bugs and flaws are easier to find and report, and so the software is fixed and improved more quickly. Closed, proprietary software puts users at unnecessary risk by obscuring potential problems that may not be made public, but could equally have been discovered by criminals who are only too happy to exploit them. Drivers need to understand how the modern car has changed and continues to change, and to lobby the car industry to change their approach.

 

Originally posted on Tech Central: http://bit.ly/1DgI1Ye

CompareGuru Social TwitterCompareGuru Social FacebookCompareGuru Social LinkedIn

Sign up to our Newsletter now, and don’t miss a beat.

Email Address
Name
Sign Up