One topic that I keep coming back to is the fact that the security of cars is something that seems to be lacking. I highlighted this last week and today I found a new reason to bring this topic up again. There’s an aftermarket device called the Lemur Vehicle Monitors BlueDriver that that connects to a vehicle’s OBD-II port and provides information about the vehicle’s performance. You pair said device to your smart phone via Bluetooth and you can get all sorts of interesting data. That’s cool, except for the fact that anyone can access the device over Bluetooth as it doesn’t require any sort of authentication such as a PIN code. That means that anyone can have access to whatever your car might be doing and in theory attack the car and take control of it. There is a CERT Vulnerability Note that gives the details as well as their recommendation which is not to use the device. I cannot find a response from the company as to what they plan to do about this. That does not inspire confidence.
This is yet another example of why automotive security needs to be taken seriously as sooner or later, we will go from seeing theoretical risks to real ones. By then it may be too late to do anything about them.