This is something that I've toyed around with a CANbus hacker called CANiTM (which is open source hardware) -- while I have Nationwide Insurance, I did call up Progressive and ask for a snapshot; they sent one to my house, and I was able to save me driving around a farm at reasonable speeds.
I then tweaked the CAN bus parameters a bit -- making the VIN number match the VIN of my current vehicle, and replaying that a few times during the trip so that it would seem like I'm a very patient, slow driver, who drives less than 5 miles a day at 8:30 and at 5:15, monday through Friday, and then sent it back to Progressive at the end of my 30 day trial.
Progressive quoted me an insanely small number for my auto insurance -- probably around $22/month -- which is about half of what Nationwide charges me for the same insurance.
It's my understanding that Progressive now is collecting GPS data with their snapshot tool, so I'm not sure that the same attack/replay would work for their system.
The interesting question is if you obtained insurance this way (almost certainly fraud IMO) and got in a big expensive wreck, would the insurance company really be on the hook to pay your costs? (And would they figure it out?) Not a bet I'd like to take...
It's about intent. If they can prove you manufactured data you fed to the dongle, then you're probably in for some trouble.
However, you can have a similar scenario where maybe I work at an office 5 minutes from home over the time I was carrying the dongle, I quit and go to a job 60 mins from home that crosses a few nasty neighborhoods, etc.
Is it my burden to report this to the insurance company so they can jack my rates because my risk rating surely went up?
Right now.. it likely isn't. I fear for the day when it is.
An interesting aside in all this is potentially getting a free cellular
data modem. Progressive provides a free 30 day trial of "Snapshot"
according to their FAQ [1], so it's possible to get the device itself.
Inside the device is (supposedly) a cellular data modem by u-blox [2]
according to the Forbes article.
Much hilarity and havoc could be wrought if you can get the modem
working outside of the snapshot device. Would you like to be the poor
sysadmin at Progressive who notices that one Snapshot enabled car keeps
trolling Homeland Security and downloading hermaphrodite dwarf porn?
We are confident in the performance of our Snapshot device – used in more than two million vehicles since 2008 – and routinely monitor the security of our device to help ensure customer safety.
There's something about the phrasing of PR statement that really added credibility to the Thuen's claim. Highlighting that it's a seven year old system, or that you "routinely monitor the security of the device" doesn't have anything to do with the actual security of the system.
"Routine monitoring" sounds worthless, because they probably don't mean "routinely dumping the firmware, physically, from the device".
In any event, we'll see soon whether this is a legitimate CANbus bridge, and if so, all the previously-released exploits come into play.
Security through declaration. I'm sure Target would have responded similarly prior to their POS breach that exposed millions of credit card details. "We are confident in the performance of our POS terminals - used in more than 5 zillion transactions since 2008 - and routinely monitor the security of our POS terminals to help ensure customer confidence."
Unfortunately they weren't routinely monitoring the security of their HVAC systems, which is partly how the attackers gained access to the POS terminals.
And automotive systems like these will eventually be breached via the insurance companies' HVAC systems, or something equally and superficially non-related, or by the dealer's unrelated systems, or by drivers' smartphones, otherwise known as drivers' internet connected and therefore compromised computers, or even drivers' music-containing USB thumbdrives (one of which is plugged in to my vehicle's sound system right now).
These days a car is merely a computer, or collection of computers, with wheels. Now that they're networked, either in real time or periodically, the fun begins.
I think it's pretty ridiculous to connect motor vehicle gateways, even indirectly, to a network. The Toyotas which can be started with canbus packets can also be shutdown. The diagnostic test routines are not something that I want a troublemaker or enemy to send to my car at any time.
There is no way for the carmakers to secure the applications that use these vehicle networks. Most of them are large enterprises with thousands of sites and some contractors are global enterprises too. Not only do service tools (diagnosis/firmware) get widely leaked, but manufacturing and development tools too: huge enterprises will get their vpn's hacked and their employees will be subject to laptop theft. Since the industry cannot keep a secret, it will never be able to provide security.
The way to secure it would be one-way communications, right? Design a system with separate data-collection and data-transmission components, and a completely read-only one-way data channel between them.
Right, and/or just make the connection to the vehicle bus read-only in hardware. i.e. leave the CAN controller's TX line disconnected.
I can't see a reason why a device like this would need to transmit on CAN.
Polling for specific data possibly? I don't personally know what data typically exists on CAN if you monitor it passively, but it seems reasonable that you might need to ask devices on the network for the data you're looking for.
This. The legislated application layer which must be present requires that the control module be addressed and specific data requested.
While you might have experience with a modern car that broadcasts some of the data interested by the dongle, this is not universal. Where this happens it may be on a different network segment than what you access physically on the OBD2 connector. There may or may not be a gateway between networks in the car, and it may or may not need to be activated, which is not part of the universal application mandated by CARB/EPA.
In addition the dongle may be interested in some information that may not be broadcast. For instance the instrument cluster should receive periodic updates about the current road speed. However it's less likely that something I'd be interested in if I were an actuary is broadcast: the throttle position!
While the universal CARB/EPA application cannot generally command control modules, this dongle has access to the PHY and could send packets that correspond the manufacturer-specific applications that could be dangerous while a motor vehicle is in operation.
With the UART based and PWM protocols that preceded CAN, there were some nuances with the manufacturer-specific protocols on those PHYs that did not line up with the CARB/EPA mandate, so the more generic gateways will not be able to construct these kinds of messages. Now, everything is plain CAN, there is nothing strange about it like "tickle the auxillary line with the destination address at 5 bps to wake up that module." Any CAN node will do.
Looks like it only takes 66 years for science fiction movies to become reality. The Batman and Robin movie serials of 1949 had an evil villain who had the technology to take control of all vehicles within a 50 mile radius. Today, we're darn close to Doctor Evil going worldwide with this. Where's Batman and Robin when you need them?
I'm surprised he hasn't rearranged his garage to fit his truck in so he can do his testing from there. It's hard to tell for certain from the picture but it looks like it should fit height-wise.
Does anyone find it odd that insurance companies can demand this kind of information?
I pay them a fee (not willingly either - it's required by state law) to provide coverage for me in case of an accident. I tell them how much coverage I want and pay the amount required for that.
Seems to me that should be the end of it, as with any service.
I don't find it very surprising. Sure you pay them a fee for them to provide coverage for risk, but they will offer you a discount if you allow the risk to be calculated more accurately.
It's not unlike health insurance or long term care insurance requiring you to get a physical before you can get a policy.
Young men are over represented in road traffic accidents and deaths, so they pay much more for insurance. If you're a young man and a careful driver your current choice is either pay a lot or get one of these devices and pay less.
It's currently an opt-in choice by drivers. I fear the day all cars are connected, and it's no longer a choice, but a mandate by insurance companies. Cars are already being required to include "black boxes" to record data for use in accidents. I absolutely anticipate more insurance companies to push for access this type of data as part of the terms of covering drivers.
Insurance is basically a game of profiling. The entire concept of insurance starts from a basis of a large, single class of people who cooperate to distribute the costs of improbable incidents over the group. Insurance companies don't treat everyone as one large, single class though. They break people down by age, gender, miles driven on average, geographic region, and tons of other metrics that are used to assess your risk level. Higher risk level? Hire risk class. Higher premium.
Also, you're not really insuring yourself. At least not in the way you think. In most cases, you're insuring yourself against liability, which means you're really insuring the other guy. If you get in to an accident, your insurance pays the other guy's medical bills, not yours. You can usually get some small amount of coverage for yourself, but it's a fraction of the liability coverage.
There are plenty of insurance options that operate the way you want. If you don't want to be monitored, don't sign up for insurance that uses monitoring.
That's a foolish attitude to have about this. The more people use this type of system, the more pressure there will be on those of us who don't want to be spied on, or have our cars hacked. Eventually, it might not be possible to get insurance without a spy system like this, and that's a perfectly valid reason to want to push back against it now. Banning this practice completely would be ideal.
That's your standard slippery slope argument. Which isn't automatically invalid, but you need to show that the slope will be slipped down, and that action needs to be taken now to stop it, rather than simply reversing it if and when you slip down.
If a significant number of people dislike these systems, some insurance company will find a competitive advantage by catering to them. If the number isn't significant... is it right to legislate just for them?
There's nothing invalid about a slippery slope argument when a cursory examination of history will show that the slope will be slipped down.
The slippery slope argument is only a fallacy because it's not a tautology: ie, it's theoretically possible for a government to not misuse laws and draw more power to themselves over time, and it's theoretically possible for insurance companies to not discriminate against their customers. Mind you, that's never happened once in all of recorded history, but it's theoretically possible. If you account for human behavior, any argument that you'd call a slippery slope fallacy isn't invalidated by that.
Besides, consider what insurance companies are doing these days. Imagine if insurance companies had perfect information on who was going to crash their car and who wasn't. What would they do then? Why, they'd sell insurance to those who they knew would never crash, and refuse to cover anyone who would. Now, what would be the point of their existence, from society's standpoint? None at all, save enriching themselves. They would be pure parasites, of no value to society whatsoever.
Why is that relevant? Because with everything they do to more accurately predict who is more of a risk, they inch themselves closer and closer to becoming useless parasites on society. The entire point of having insurance companies is that a group of people can pay into a pool that actually protects them when they need it. The insurance companies are trying to make it so they never have to pay out to anyone. Why should we as a society let them do this? They need to be limited in their ability to discriminate against people, and drawing a line at spying on their customers is a minimally decent line to stop them at.
Much better would be if they were forced by law to insure anyone who wanted insurance, and they could only charge the highest risk class twice as much as the lowest risk class for insurance, but ending spying would be better than nothing.
I wonder what this means for Metromile (https://www.metromile.com). I drive 1-2 times per week, and I'd considered switching from Geico to Metromile for the cost savings, but this gives me real pause.
I then tweaked the CAN bus parameters a bit -- making the VIN number match the VIN of my current vehicle, and replaying that a few times during the trip so that it would seem like I'm a very patient, slow driver, who drives less than 5 miles a day at 8:30 and at 5:15, monday through Friday, and then sent it back to Progressive at the end of my 30 day trial.
Progressive quoted me an insanely small number for my auto insurance -- probably around $22/month -- which is about half of what Nationwide charges me for the same insurance.
It's my understanding that Progressive now is collecting GPS data with their snapshot tool, so I'm not sure that the same attack/replay would work for their system.