Security researchers recently found a vulnerability in some car dongles that could enable hackers to control the brakes of a vehicle by sending a simple text message to the device.
Car dongles are a USB-like device that plug into a vehicle’s on-board diagnostics (OBD) port under the dashboard. A lot of car owners these days are using dongles to make their cars smarter.
The plug-in devices can do things like diagnose engine problems, remember where you car is parked, track mileage for insurance purposes, or even contact emergency services in case you get in an accident.
But a team at the University of California San Diego discovered that cellular-capable dongles can also be an easy entry point for hackers to attack your car.
The specific dongle that the researchers tested were those made by Mobile Devices and distributed by Metromile, which uses the devices for its pay-per-mile insurance business.
They found two security holes that needed to be patched in the device. The first was in the update protocol in devices and the second was in the configuration options, which includes the use of text messages (SMS).
The researchers demonstrated that you can send commands to the dongle via SMS that can control the brakes and the windshield wipers.
Metromile, though, told Tech Insider that it has fixed the vulnerability and that users are no longer exposed.
“We took immediate action and released updates to all devices in the field to resolve the discovered remote exploits and can confirm that most of the devices have successfully downloaded and applied the patch and we expect the remainder of devices to be patched by mid-August,” the company said in a statement to Tech Insider.
Watch the video below to see the researchers use text messages to control a Corvette that has the dongle plugged in.
Business Insider Emails & Alerts
Site highlights each day to your inbox.