Wondering if anyone has any advice on this. Two Saturdays ago, I installed Liberty Mutual's RightTrack OBDII tracking device into my F Type for their discount on our new insurance.

That Monday morning (I didn't drive after installing it) my car was indicating that the battery was low saying that I needed to start the car to charge the battery. The trunk wouldn't open on its own power until I turned on the car.

I thought this might've been a weird coincidence since I know folks have some issues with the batteries, but this is very odd timing. I drove for the entire week with the device attached being sure to turn off Eco start/stop to let the battery charge the whole time.

This weekend, though, I got the same issue and the battery is low, so now I removed the RightTrack.

What's also odd: I never noticed this before the RightTrack, but my Hazard button light on the dash and my door lock lights by the inside door handles now stay on when I lock the doors. Is this normal? Maybe I just never noticed?

 

Plugging anything into the OBDII port will occasionally freak out the battery control module. The simple solution is to disconnect the battery for 10+ seconds whenever you do so. This will also resolve the issue of those other lights from staying on for too long.


Go ahead and plug in the RightTrack, and disconnect the battery immediately thereafter for the prescribed time.

 

Same here, I connected a Kiwi 3 to my OBDII port last week and my battery low issue (with hazard / door lock lights remaining on indefinitely) came back after a day or so. A disconnect/reconnect resolved it as usual.

Will try disconnecting/reconnecting battery after connecting the OBDII device next time.

 

Thanks for the tip, Unhingd. I'll try that after I reattach the RightTrack.

 

This is bad idea for the following reasons:

1. These devices are not secure*, but they integrate cell modem (similar to data link on your smartphone). You pretty much connected your car's OBD port to the internet, making it possible to read and write data to CANBUS (you car's control network).

2. Insurance company is not looking out for your best interest, instead they are collecting data to justify denying your claims or raising your premium.


* This was reported on Forbes, but since they went nuts with their anti-ad-blocking, here is non-Forbes link:

http://www.autoblog.com/2015/01/21/2...-risk-for-car/

 

With regard to #2, I do not believe this is an accurate characterization. I have a friend who works for one the large U.S. insurance companies, and I have been insured by this company for 15 years.

I asked him specifically about how these devices were used, and he said with his company they are NOT used to raise your rate. Your rating is done using the conventional actuarial formulae. What they can do, is LOWER your rate if the data are favorable. They only collect the following data:

1) miles driven
2) hard braking
3) rapid acceleration
4) night driving (defined as between midnight and 5am)

Worst case is that you do not receive much, if any, discount, but they offer 5% off for just enrolling in the program. I enrolled w/ two of our cars (not the F-Type ;-)), and received a 28% discount on one car and 19% on the other (primarily because it logs many more miles than the other).

Lastly, they only want to log your data for 6 months, and then you return the device.

 

However, nothing stops them from setting the base rate at some arbitrarily high
number.

I suggest the real agenda is to achieve critical mass, at which point it is no longer
voluntary on a reasonable commercial basis. The argument at that point will be
the old chestnut of "if you have nothing to hide". Anyone with "something to hide"
will be charged punishingly high rates to encourage "compliance".

Oh neat. Receive device, plant virus, return device, let the insurance company
spread the virus. Cool.

The "network of things" has already been found to be less than secure in many
instances. Hire a project manager who does not know much, let him do the research
by calling in potential low bidders. Buy from the low bidder who outsourced the code
to the lowest bidder. Your household electrical system can now be shutdown at
will and it also works as a jumping off point to the rest of the house.

 

3. They are looking to achieve critical mass so that the outliers will be forced into their
control scheme.

 

And who knows which company is using which device.

 

The idea that someone is monitoring how I drive my car is abhorrent to me and though they may use the data for some type of "break" on insurance pricing at this juncture it's a very slippery slope IMO....




Dave

 

That would be my prediction. When, not if.


Dave

 

Can I save myself w/ a tin-foil hat?

 

I'm simply laying out some inconvenient truths about the way
companies behave, their motivations, and the way software is
developed.

On that last one, the willingness to find and hire the very best
is usually not at the top of the list of requirements. And even
if it was, the available supply of the truly qualified is constrained.

Your friend may be a fine fella'. But at the office he may not be
in control of every aspect of policy nor privy to the highest levels
of discussion.

BTW, a Jeep Cherokee was used in a demo where the attackers
cranked up the radio, set the wipers at high speed and some
other things. This was on a freeway from a chase car.

The ability to deploy the airbags was available, but was not
exercised. Throttle command was also available.

Even if someone has a beef with you and deploys all airbags
while sitting in the driveway, the vehicle would effectively be
a writeoff due solely to cost of repair.

 

Works for me.

 

In all seriousness, your points are good ones and well-taken. I am also well aware of the dangers we face w/ increasing connectivity to the Internet. However, I'm also reasonably optimistic that these challenges will be met w/ effective security, but not without experiencing setbacks every so often, as we've already seen in various large-scale black hat hacker attacks against large companies, as well as governments.

Likewise, I'm reasonably optimistic about the free-market's ability to adjust to business practices that the masses will find objectionable. In the case of an insurance company that attempts to bully the majority of it's customers into accepting "big brother" monitoring or else, I suspect that company will pay the price with a customer backlash, which other insurance companies will take advantage of.

We're already seeing the early signs customer rebellions against long-term cell-phone, and cable TV contracts w/ competitor companies marketing alternatives w/ consumer freedom from such obligations.

Regarding your edit after the original post, yes, I own the very model Cherokee that was hacked. I also had a flash drive mailed to me less than 2 weeks after that story appeared that closed that hacker back door. It took me less than 5 minutes to do that security upgrade in my own garage.

 

I work as infosec auditor and I can tell you in absolute terms that information security is simply not a priority anywhere anytime. Everyone does absolutely bare minimum they can get away, and aside from payments industry bare minimum is nothing. The only realistic way to secure for the next 20+ years will still be "never connect to the Internet" method. Smart Fridge, smart thermostat, insurance monitoring dongle... all have barn-sized security holes.

I like to talk about this in terms of toxic dumping into river, when you buy a product you don't see all pollution it produced. Market can't solve this issue because action and consequences are frequently more than twice removed. Average consume won't know the value of good security - it is silent and you don't see it when it works. More so, when security fails there tends to be a lot of shifting blame, it isn't your insecure infrastructure or software, it is that one no-good bad **** site you visited so it all must be your fault...

 

I'm keenly aware of this given what I do for a living as well.

As I said above there will be "set-backs," but I believe that ever-increasing security breaches will push society to the "tipping point," where it will become a top priority.

 

I thought AM hack would be a tipping point where people would start considering consequences of oversharing personal data with third-party social sites seriously. It wasn't. Despite quite a number of people getting very serious blow back on being careless with their data. People even died (via suicide) over this.

So again, I disagree. I can't imagine what kind of compromise short of Terminator Judgement Day magnitude event that would make general public take information security serious.

 

Perhaps, but I'm not optimistic. Our Govt. does cyber warfare, yet doesn't use its knowledge to prevent data breaches like the massive OPM one.

I'm with the OP that with most of the companies that I deal with talk about how great they are with IS and IA, but in actuality most do the very bare minimum - anything more costs time and money. So far companies that have been hacked have been able to get away with providing credit monitoring, etc. after the fact. Like closing the barn door... It's going to take several large class action suits that cost real money, and IMHO even that won't work for smaller business.

The upside is that the automakers are working hard to improve security because the liability is so large and gets to be astronomical for self-driving cars.

 

Oh, I think a large-scale, multi-day, black-out would get us close to the "tipping point."