UPDATE: A previous version of this article claimed that a researcher wirelessly breached the security on Progressive Insurance's Snapshot device. In fact, the researcher breached the device through a local connection, although other experts have pointed out that separate research suggests that wireless hacking of the devices is a possibility.

At CES 2015, General Motors said it “expanded its OnStar in-vehicle concierge service” so that it will offer a “driver assessment” program by the end of summer 2015. OnStar 4G LTE users can sign up for a 90-day driving evaluation, which – if the user agrees – can be passed on to Progressive for a possible Snapshot insurance discount. Snapshot is already in use monitoring driving in over two million vehicles in the U.S.

But Progressive’s Snapshot dongle is dangerously insecure, according to Corey Thuen of Digital Bond Labs.

After reverse-engineering Progressive’s Snapshot device, Thuen plugged it into the OBD-II diagnostic port of his 2013 Toyota Tundra and tested its wireless communications. Thuen outlined the security flaws in Progressive’s dongle during his talk on Remote Control Automobiles at the S4X15 Conference. He said “it would be possible to intercept data passed between the dongles and the insurance providers’ servers, likely including location and performance information, as they ‘do nothing to encrypt or otherwise protect the information they collect’.”

“The firmware running on the dongle is minimal and insecure,” Thuen told Forbes.
“It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies… basically it uses no security technologies whatsoever.” The device also uses the insecure FTP protocol.

Snapshot runs on CANbus, explained Dark Reading; it’s the “same network where key vehicle functions -- including braking, park assist steering, and ECU -- are housed. It sends messages over the CAN to request information from the vehicle's computer systems, such as revolutions per minute, to calculate the driver's ultimate insurance policy rate.”

"Anything on the bus can talk to anything [else] on the bus," Thuen said. Since there’s no encryption or authentication, "You could do a cellular man-in-the-middle attack" on the communications of Progressive’s dongle. But a remote MITM attack would only be successful if an attacker spoofed a cell tower. “What happens if Progressive's servers are compromised? An attacker who controls that dongle has full control of the vehicle.”

He didn’t weaponize his exploits, Thuen told Forbes, but “by hooking up his laptop directly to the device he says he would have been able to unlock doors, start the car and gather engine information.” He added that previous Argus Cyber Security research did go further than his focus on security flaws by testing exploits that would allow an attacker to remotely control a car. Argus previously discovered a vulnerability in the Zubie connected car service that “could allow an attacker to wirelessly and remotely influence a vehicle’s mission critical components such as the engine, brakes, steering and others.”

Yet Thuen called the outdated tech being used in Snapshot “highly troubling” as it is vulnerable to attack.
“A skilled attacker could almost certainly compromise such dongles to gain remote control of a vehicle, or even an entire fleet of vehicles. Once compromised, the consequences range from privacy data loss to life and limb.”

“Also, there is the attack vector of Progressive backend infrastructure,” he added. “If those systems are compromised, an attacker would have control over the devices that make it out to the field. In simple terms, we have seen that cars can be hacked and we have seen that cell comms can be hacked.”

Xirgo Technologies, which manufactures Progressive’s Snapshot devices, failed to respond after Thuen disclosed the security flaws he found. Yet Progressive took Thuen to task for public disclosure. The company told Forbes:

If an individual has credible evidence of a potential vulnerability related to our device, we would prefer that the person would first disclose that potential vulnerability to us so that we could evaluate it and, if necessary, correct it before the vulnerability could be exploited. While it’s unfortunate that Mr. Thuen didn’t share his findings with us privately in advance, we would welcome his confidential and detailed input so that we can properly evaluate his claims.

Although Thuen only tested Progressive's Snapshot, he said he suspects the same security weaknesses will be found in other companies' devices that monitor driving to determine insurance rates.
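Thuen's central complaint is that the dongle does "no validation or signing of firmware updates", which is what turns a compromised backend or a spoofed cell tower into control of whatever the dongle can reach. The following is an added example of the acceptance check a telematics dongle should run before flashing an update; it is not Progressive's, Xirgo's or Digital Bond's code, and the image layout, field names and key are constructed for illustration. It uses HMAC-SHA256 from the Python standard library as the authentication primitive so that it runs anywhere; a production device would instead verify an asymmetric signature (for example Ed25519) against a public key held in read-only storage, so that a key extracted from one unit cannot be used to sign updates for the whole fleet.

```python
"""Firmware-update acceptance check for a telematics dongle (illustrative)."""
import hashlib
import hmac
import struct

# Constructed, hypothetical image layout (not any vendor's real format):
#   magic(4) | version(uint32 BE) | payload_len(uint32 BE) | payload | tag(32)
# The version lives inside the authenticated region, so an attacker cannot
# bump it to smuggle an old, vulnerable image past the rollback check.
MAGIC = b"FWIM"
HEADER = struct.Struct(">4sII")
TAG_LEN = 32

# Constructed device-side verification key. HMAC is a stand-in: real devices
# should verify an asymmetric signature so the on-device key cannot forge updates.
DEVICE_KEY = b"constructed-demo-key-do-not-use"


def build_image(version: int, payload: bytes, key: bytes = DEVICE_KEY) -> bytes:
    """Producer side: assemble an authenticated image (used to construct inputs)."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def verify_image(image: bytes, installed_version: int, key: bytes = DEVICE_KEY):
    """Device side: return (ok, reason). Accept only authentic images that
    move the version forward; reject everything else before touching flash."""
    if len(image) < HEADER.size + TAG_LEN:
        return False, "truncated"
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    magic, version, payload_len = HEADER.unpack_from(body)
    if magic != MAGIC:
        return False, "bad magic"
    if payload_len != len(body) - HEADER.size:
        return False, "length mismatch"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison: a plain '==' leaks how many tag bytes matched.
    if not hmac.compare_digest(expected, tag):
        return False, "bad signature"
    # Anti-rollback: an authentic but older image is still refused.
    if version <= installed_version:
        return False, "rollback"
    return True, "ok"


def demo() -> dict:
    """Exercise the check against a good image and several constructed bad ones."""
    installed = 4
    good = build_image(5, b"firmware v5 payload")
    tampered = bytearray(good)
    tampered[HEADER.size] ^= 0x01          # flip one payload bit
    unsigned = good[:-TAG_LEN] + b"\x00" * TAG_LEN   # tag stripped / zeroed
    wrong_key = build_image(6, b"x", key=b"attacker-key")
    return {
        "good": verify_image(good, installed),
        "same_version": verify_image(good, 5),
        "tampered": verify_image(bytes(tampered), installed),
        "unsigned": verify_image(unsigned, installed),
        "wrong_key": verify_image(wrong_key, installed),
        "truncated": verify_image(b"FW", installed),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13s} -> {result}")
```

Every rejection happens before any write to flash, and the reasons are distinct so that a dongle can report "bad signature" versus "rollback" to the backend as a tamper indicator rather than silently failing.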