Chevrolet Corvette ZR 1 (hadrian/Bigstock.com)
Researchers in the US have hacked a Corvette, activating its windscreen wipers and applying its brakes by way of a text massage.
The team from the University of California, San Diego discovered it was possible to remotely control vehicles that were fitted with certain dongles attached to diagnostic ports.
These dongles are connected to the on-board diagnostics ports (OBD-II) of vehicles – such as cars and lorries – at the behest of fleet operators and insurance firms, in order to track fuel usage, mileage and other information.
However, the hackers found they could take control of a vehicle’s vital systems by sending an SMS message to the dongle. In the Corvette used in the demonstration, researchers took control of windscreen wipers and even brakes – which they could apply, or cut out altogether at low speeds.
Stefan Savage, computer security professor and leader of the project, told Wired: “We acquired some of these things, reverse-engineered them, and along the way found that they had a whole bunch of security deficiencies.”
Insurer Metrolmile gave policyholders the dongles in question as part of its 'pay-per-mile' cover. The dongles were manufactured by Mobile Devices.
Some Uber drivers have also been given the dongles as part of their insurance plans.
According to the researchers the dongles might allow more malevolent hackers to take control of virtually any aspect of a car – including locks and steering.
The dongles were given out to policyholders in insecure 'developer mode’, according to researchers.
Dongles are used by a wide range of private and public organisations in order to monitor and reduce fuel consumption.
Mobile Devices and Metromile were told about the issue in June and in response have sent out a security patch – delivered wirelessly to consumers’ Internet-connected gadgets. This fix should prevent any further security breaches on the Corvette.
There have been a number of car security issues highlighted recently. Last month a Jeep Cherokee had its engine disabled remotely in a similar hack by researchers.