In today’s era of the “connected car”, various devices, specifically OBD-II readers, are in the market touting ways to make your driving life easier. Just because they all plug into the same port doesn’t mean they all do the same things.
Most log miles, monitor fuel consumption, and decode to “check engine” lights. The differences come in the other features provided by each company. Whereas others assess driving behavior and give users a score of judgement, Metromile doesn’t bother with this type of scrutiny. We focus on using measured miles to deploy pay-per-mile insurance; your behavior is not tracked at all by the device to determine risk. We also provide street sweeping alerts (in San Francisco and Chicago) so drivers can avoid those costly tickets.
Software programs (firmware) enable these feature differences, and like any software, security precautions can be put in place to safeguard the integrity of information and prevent abuse.
Recently, telematics devices from Progressive and Zubie have come under scrutiny for being susceptible to being exploited because they rely on unsigned firmware updates being downloaded in the clear.
With Progressive specifically, researchers at Florida-based Digital Bond Labs say they have uncovered major problems the SnapShot device that Progressive Insurance uses to measure the driving habits of participating customers. By reverse-engineering the device, they gained access to a network that allows control of critical vehicle functions, like steering, braking and throttle inputs. The SnapShot device has been used in more than two million vehicles since 2008 – that makes a lot of cars open to hacking.
We’ve been asked if a similar loophole exists in our security protocol and we want to reiterate that, at Metromile, we take the security of our products and services very seriously. Our telematics device, the Metronome, is not susceptible to the type of exploits tested on Progressive’s SnapShot device since both firmware and configuration updates to the Metronome are done via encrypted channels and all downloaded artifacts are digitally signed.
Connected telematics devices such as our Metronome are powerful because data is accessed to measure and simplify many aspects of driving and owning a car. We firmly believe in implementing security protocols to ensure the safety of your personal data and defend against any attacks.
For questions, please visit our Community Forum or email email@example.com.