Return of the Guru

Auto Security Vulnerability Poses Problems for Insurers

Ara Trembly
Insurance Experts' Forum, March 17, 2011

Common sense would dictate that having a remote service like OnStar in one’s car would be a benefit, with the technology allowing for quick emergency response, remote door unlocking and even tracking of stolen vehicles. Like most technologies, however, this one has its down side, and that side has been emphasized by a new report cited recently in The New York Times.

It seems that with a modest amount of expertise, computer hackers could gain remote access to someone’s car—just as they do to people’s personal computers—and take over the vehicle’s basic functions, including control of its engine, according to a report by computer scientists from the University of California, San Diego and the University of Washington, the Times says.

While the article notes that no such takeovers have been reported in the real world, the scientists were able to hack into a vehicle’s systems in an experiment they conducted.

“Because many of today’s cars contain cellular connections and Bluetooth wireless technology, it is possible for a hacker, working from a remote location, to take control of various features—like the car locks and brakes—as well as to track the vehicle’s location, eavesdrop on its cabin and steal vehicle data,” the researchers said. They described a range of potential compromises of car security and safety.

In their remote experiment, researchers were able to undermine the security protecting the cellular phone in the subject vehicle, and then insert malicious software, the article says. This allowed them to send commands to the car’s electronic control unit—the nerve center of a vehicle’s electronics system, which, in turn, made it possible to override various vehicle controls.

The bottom line is that, vandalism aside, cars that are equipped with cellular technology and services are in greater danger of being stolen. Of course, this hasn’t happened yet, but surely having the idea spread worldwide by one of the country’s leading newspapers will give some criminals ideas. And this mode of theft has several advantages, including the fact that the thieves will know when you’re not in the car, and will be able to open and start it looking as if they had the keys. Further, once the vehicle is procured, the cellular connection could be disabled.

From an insurance point of view, these developments pose an interesting quandary. Should auto premiums be higher for cellular-connected vehicles? Maybe those premiums should be lower for vehicles that demonstrate better-protected wireless systems. With the already poor security capabilities of most wireless devices today, however, one wonders what automakers could do to bolster defenses against such an attack.

Ultimately, we may find that we won’t just be able to jump into our vehicles and start them up. Instead, we may need to pass muster with some biometric (fingerprint, retinal scan) device just to gain access to the car. Next, we might have to enter a password in order for the vehicle to start. Sounds like a lot to go through just to take a trip to the supermarket, but just as technology makes things easier for legitimate car owners, it also provides opportunities for the criminally minded among us.

Insurers will have quite a task to determine just how to rate these risks. Stay tuned.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Living with the Internet of Things (and crowd funding)

The Internet of Things has it’s teething problems.

6 Technology Priorities for Individual Life Carriers

While many aging, generally mainframe-based systems, remain capable of supporting basic policy processing and accounting functions, the costs associated with enhancing them are becoming increasingly problematic.

With Google Favoring Mobile, Will The Industry Take it Seriously?

Google’s search engine will now will favor mobile friendly content over traditional website content; within the insurance industry, the greatest initial impact is likely to be felt by insurance distributors.

Why Some Technologists Get Cold Feet on Mobile

There are those who believe that favoring one channel or mode over another will lead to even more silos and dysfunction than we already have in many organizations.

Insurance IT Spending and Budgeting Benchmarks

New research from Novarica highlights areas of concern and offers insights on insurers spending and budgeting decisions.

Enterprise Mobilemania Continues Unabated

More than half of companies are spending more on developing mobile applications -- but are they more efficient?