Return of the Guru

Auto Security Vulnerability Poses Problems for Insurers

Ara Trembly
Insurance Experts' Forum, March 17, 2011

Common sense would dictate that having a remote service like OnStar in one’s car would be a benefit, with the technology allowing for quick emergency response, remote door unlocking and even tracking of stolen vehicles. Like most technologies, however, this one has its down side, and that side has been emphasized by a new report cited recently in The New York Times.

It seems that with a modest amount of expertise, computer hackers could gain remote access to someone’s car—just as they do to people’s personal computers—and take over the vehicle’s basic functions, including control of its engine, according to a report by computer scientists from the University of California, San Diego and the University of Washington, the Times says.

While the article notes that no such takeovers have been reported in the real world, the scientists were able to hack into a vehicle’s systems in an experiment they conducted.

“Because many of today’s cars contain cellular connections and Bluetooth wireless technology, it is possible for a hacker, working from a remote location, to take control of various features—like the car locks and brakes—as well as to track the vehicle’s location, eavesdrop on its cabin and steal vehicle data,” the researchers said. They described a range of potential compromises of car security and safety.

In their remote experiment, researchers were able to undermine the security protecting the cellular phone in the subject vehicle, and then insert malicious software, the article says. This allowed them to send commands to the car’s electronic control unit—the nerve center of a vehicle’s electronics system, which, in turn, made it possible to override various vehicle controls.

The bottom line is that, vandalism aside, cars that are equipped with cellular technology and services are in greater danger of being stolen. Of course, this hasn’t happened yet, but surely having the idea spread worldwide by one of the country’s leading newspapers will give some criminals ideas. And this mode of theft has several advantages, including the fact that the thieves will know when you’re not in the car, and will be able to open and start it looking as if they had the keys. Further, once the vehicle is procured, the cellular connection could be disabled.

From an insurance point of view, these developments pose an interesting quandary. Should auto premiums be higher for cellular-connected vehicles? Maybe those premiums should be lower for vehicles that demonstrate better-protected wireless systems. With the already poor security capabilities of most wireless devices today, however, one wonders what automakers could do to bolster defenses against such an attack.

Ultimately, we may find that we won’t just be able to jump into our vehicles and start them up. Instead, we may need to pass muster with some biometric (fingerprint, retinal scan) device just to gain access to the car. Next, we might have to enter a password in order for the vehicle to start. Sounds like a lot to go through just to take a trip to the supermarket, but just as technology makes things easier for legitimate car owners, it also provides opportunities for the criminally minded among us.

Insurers will have quite a task to determine just how to rate these risks. Stay tuned.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Is the Long March to IFRS Convergence Over?

Once a given, the adoption of a single set of accounting standards for the insurance industry is on hold.

So You Plan to Buy a Core System … Now What?

There are many questions for carriers to consider even before the implementation process begins.

What It Takes to Have a Tech-Savvy Workplace

The tools and technologies to build the next workplace are available, but not common yet in corporate settings.

Avoiding the Bermuda Triangle of Data

Handled poorly, questions around data ownership, data quality and data security can sidetrack big data conversations and alienate business stakeholders.

A Prototype of the Successful Innovation Leader

Celent research reveals the prototype for the successful senior innovation leader.

Global Supply Chain, Local Problem

As a technology provider, your client’s ability to deliver products and services to their customers, when and where they need them, is at the heart of their business success.