This is just the latest of a long list of examples of IoT devices having desirable functionality but failing in cyber security 101. Dark Reading/vulnerabilities
S4x15 Conference -- Miami -- A researcher who peered under the hood of a dongle that plugs into a car's network to track a driver's habits and calculate policy rates found glaring security weaknesses in the device that ultimately could be used to hack a vehicle wirelessly. Corey Thuen, a senior researcher with Digital Bond Labs, reverse engineered Progressive Insurance's SnapShot device -- used in 2 million US vehicles -- and tested it on his 2013 Toyota Tundra truck. After picking apart the hardware and testing its wireless communications while plugged into the vehicle's ODP-II diagnostic port on the car's local network, Thuen found the Progressive dongle doesn't authenticate to the cellular network or encrypt its traffic. The firmware isn't signed or validated, and there's no secure boot function. Also, the device uses the notoriously unsecure FTP protocol.