Insurer warns against using OBD2 dongles

November 08, 2017 //By Christoph Hammerschmidt
By retrofitting with "Smart Dongles", even older vehicles can go online. But this makes them vulnerable to cyber attacks, says Allianz Insurance. The number of attacks on networked vehicles will increase, warns the insurance company.

At a company event, Allianz Deutschland AG CEO Joachim Müller warned against the use of dongles, which are plugged onto the diagnosis interface of the vehicles (OBD2 interface) and usually establish a connection to the driver's smartphone via Bluetooth. On the phone, an app is installed, which enables functions such as electronic driver's logbook, or monitoring of fuel consumption. Such dongles access the CAN bus directly, which also controls important driving functions such as ESP or brake assistants. According to Müller, anyone who accesses the CAN bus can in principle also manipulate these safety-critical functions and trigger an unintentional braking manoeuvre.

Müller pointed out that protection measures against hacker attacks are often inadequate, especially for older vehicles. The insurance company therefore expects the number of cyber attacks against networked vehicles to increase in the coming years. In this context, Müller demanded that car manufacturers secure their architectures and that the vehicles can be retrofitted over their entire service life with current processes and security mechanisms such as secure encryption and certificates.

The automobile industry is also concerned about the spread of OBD2 dongles for the implementation of special functions. The German Automobile Industry Association (VDA) has announced that the OBD2 interface in newer models will be switched off for safety reasons while driving, thus drying up the business model of the dongle suppliers.

Related articles:

Opinion: CAN fault confinement: It is a feature, not a flaw!

"Vatican" stops hacker attacks on cars

Cyber threats against cars are here to stay, experts say