Rookie Dongle Warns Parents When Their Kids Are Driving Too Fast (thestack.com)
An anonymous reader writes: Dongle Apps, a Belgian tech company, has introduced a new system which alerts a car owner if the vehicle's driver is breaking the speed limit. Initially designed for parents and guardians to keep an eye on their young ones behind the wheel, the 'Rookie Dongle' connects to the vehicle's on-board diagnostics (OBD II) port, internal GPS and mobile technologies to push real-time data to the cloud and send notifications to car owners via email or text when the driver is speeding, suddenly accelerates, brakes hard or has high RPM levels.
They keep saying submitted by "anonymous" and include a link in the title bar to the front page of the site that is hosting the article. Bullshit detector is going off full blast right now.
Let's condition our kids to expect systemic surveillance from early on, and teach them about trust by demonstrating a complete lack of it ourselves.
The OBD-II port allows access to the life-safety systems of the car. It is a private unsecured network that performs no authentication.
These dongles allow arbitrary access to the car bus, limited only by their buggy software. They shouldn't even be manufactured.
You are wrong. On the internet. Shame, shame.
Pot meet kettle?
Arbitrary access to the car bus is provided by the port that you plug this device into. The device listens to that bus and takes actions outside of the car network. Arbitrary access to the car network existed already.
This 'arbitrary access' you refer to is only available to someone who has physical access to the CANBus to begin with. And when has anyone ever claimed that you could prevent a network from being owned when someone has physical access to it? These devices put that air-gapped network ONTO the internet. Sure, you could buy a car with OnStar and achieve the same thing, but many people are smart enough to avoid OnStar vehicles.
Also, the only part of the "life-safety" system you can access is the airbag status. The "life" and "safety" things in the car computers are the airbags and brakes. Those both have their own isolated subsystems. You cannot mess up the "life-safety" systems in the car through the OBD-II port, you can only read the status.
This is not true either. Just a few months ago black hats demonstrated the ability to control the ABS systems of cars, kill the engine while they are traveling at high rates of speed, and more. Less than a year ago I had a meeting with a major car manufacturer to discuss Android Auto and CarPlay with the engineers working to integrate it into their vehicles. With the prototypes I saw, you could start/stop the car and affect many other systems directly through the Manufacturer's own app. This app keeps you in their nice little playground. You could do a lot more if you escape their jail.
The things you could change, if a device changed operating mode to the diagnostic mode, are just things that would make your car run like crap, or shut off.
Having your car shut off at just the wrong moment could result in your death. And as I mentioned before it has already been established that ABS systems are vulnerable to tampering. So now you could have someone kill your engine and your brakes at just the right time to result in a fatal crash.
Yeah, if you plug this thing into your car, and the software gets cracked, trolls could disable your vehicle. Why should manufacturing stop? If your doorknob was built with a lock that some people could pick, bad people could steal from you. Does that mean that locks shouldn't be manufactured? No, it means you have to choose what product to use, and some people will make poor choices.
The CANBus was never designed to be exposed to attack like this. You're willing to have people in 2500+ pound vehicles flying down the road with script kiddies attacking their cars? And for what gain? So insurance companies can track your speed and position? So that you can have some company babysit your kid so you don't have to actually be a parent? So you can stalk your ex-girlfriend? The risk to society far outweighs the benefit to society, which from my perspective is absolutely zero.
My car is old, a 2000, but even with the car off and the main computer without power, the traction computer is still on and functioning. The anti-lock brakes are on the same computer as the anti-roll parking mode, and the traction assist for ice and snow. I could totally fry the main computer that connects to the OBD-II port, and I'd still have traction control. And if the vehicle is in gear and moving, I'd still have power assist to the brakes even if the engine had stopped firing because of a computer problem.
Your car may not be as vulnerable as other cars but that doesn't mean that we should open up the car's network to the whole world for no reason. Let's look at your argument about door locks. Let's consider the fact that the network is NOT on the internet to be one of the locks securing it. Are you suggesting we should just remove this lock because someone could