Thursday, January 22, 2015

The data MetroMile collects via OBD.

I logged in, and saw that there was now an option to download data that MetroMile collected on your driving, through their OBD dongle. Naturally, I had to check it out! What I found was a bit breathtaking. Now, mind you, they do not bill you based on driving habits, but when you see what sort of data is collected, you can imagine the nefarious things one could use this data for.

Here's a partial list of the data MetroMile collects:

  • Latitude and longitude;
  • GPS speed;
  • Heading;
  • Altitude;
  • Odometer;
  • Number of GPS satellites pinged;
  • Acceleration in X, Y and Z coordinates;
  • Direction of gyroscope in X, Y and Z;
  • Engine RPMs;
  • Vehicle speed;
  • Control module voltage;
  • Manifold air intake flow;
  • Air intake temperature;
  • Malfunction indicator light on.

So what makes this so interesting? Last week, it was reported that Progressive's dongle, Snapshot, was completely unsecured. Anyone with the right tools and expertise could access your data or control parts of your vehicle, either by intercepting the transmissions from Snapshot or by hacking their way into Progressive's servers. And because these devices transmit in real time, someone could also track you in real time.

Before, in order to control a car via the OBD port, you needed to physically access it, and plug something in there that you could then communicate with. With the Snapshot using unsecured transmissions, you no longer need physical access to the OBD.

So if you work for MetroMile and are reading this, please do confirm that your wireless transmissions are 100% secured. If they aren't, please secure them immediately!
