Security researchers from the University of California at San Diego hacked into an onboard dongle used by insurance company Metromile, and videoed themselves using SMS messages to cut a car's brakes.

The researchers presented their findings at a data security conference today, releasing a video that shows them sending commands via SMS to a Corvette equipped with an OBD II device, according to a Wired report.

The device is manufactured by Mobile Devices, a French company, which counts usage-based insurer Metromile among its customers. In the video, researchers demonstrate that they can control the car's windshield wipers and brakes by exploiting the vulnerability.

Metromile CEO Dan Preston told Wired in an interview that the university researchers contacted his company earlier this year, and Mobile Devices provided the insurer with a patch that was sent to all active devices in June. Mobile Devices' product is also used for fleet telematics, and it was unclear if any other customers have been issued the patch.

In January, researchers at Digital Bond labs reported that Progressive's Snapshot device contained vulnerabilities that could allow access to auto controls, but did not demonstrate a takeover.

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access