Return of the Guru

Auto Security Vulnerability Poses Problems for Insurers

Ara Trembly
Insurance Experts' Forum, March 17, 2011

Common sense would dictate that having a remote service like OnStar in one’s car would be a benefit, with the technology allowing for quick emergency response, remote door unlocking and even tracking of stolen vehicles. Like most technologies, however, this one has its down side, and that side has been emphasized by a new report cited recently in The New York Times.

It seems that with a modest amount of expertise, computer hackers could gain remote access to someone’s car—just as they do to people’s personal computers—and take over the vehicle’s basic functions, including control of its engine, according to a report by computer scientists from the University of California, San Diego and the University of Washington, the Times says.

While the article notes that no such takeovers have been reported in the real world, the scientists were able to hack into a vehicle’s systems in an experiment they conducted.

“Because many of today’s cars contain cellular connections and Bluetooth wireless technology, it is possible for a hacker, working from a remote location, to take control of various features—like the car locks and brakes—as well as to track the vehicle’s location, eavesdrop on its cabin and steal vehicle data,” the researchers said. They described a range of potential compromises of car security and safety.

In their remote experiment, researchers were able to undermine the security protecting the cellular phone in the subject vehicle, and then insert malicious software, the article says. This allowed them to send commands to the car’s electronic control unit—the nerve center of a vehicle’s electronics system, which, in turn, made it possible to override various vehicle controls.

The bottom line is that, vandalism aside, cars that are equipped with cellular technology and services are in greater danger of being stolen. Of course, this hasn’t happened yet, but surely having the idea spread worldwide by one of the country’s leading newspapers will give some criminals ideas. And this mode of theft has several advantages, including the fact that the thieves will know when you’re not in the car, and will be able to open and start it looking as if they had the keys. Further, once the vehicle is procured, the cellular connection could be disabled.

From an insurance point of view, these developments pose an interesting quandary. Should auto premiums be higher for cellular-connected vehicles? Maybe those premiums should be lower for vehicles that demonstrate better-protected wireless systems. With the already poor security capabilities of most wireless devices today, however, one wonders what automakers could do to bolster defenses against such an attack.

Ultimately, we may find that we won’t just be able to jump into our vehicles and start them up. Instead, we may need to pass muster with some biometric (fingerprint, retinal scan) device just to gain access to the car. Next, we might have to enter a password in order for the vehicle to start. Sounds like a lot to go through just to take a trip to the supermarket, but just as technology makes things easier for legitimate car owners, it also provides opportunities for the criminally minded among us.

Insurers will have quite a task to determine just how to rate these risks. Stay tuned.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Don’t Wrap Your Organization Too Tight With Metrics

Metrics provide a picture of how business is going, and systems are performing. But do they provide the right picture?

Insurance: The Original Shared Economy

Insurers should look to revisit the roots of the insurance process.

The Seven Flavors of Virtualization

There is no one single form of virtualization rather, different parts of the IT infrastructure require different approaches.

Can New Technology Turn Older Cars into Safer Cars?

Unless you have the means and motivation to buy a new car every year, your newest car is quickly about to become an older car.

What if Someone Kickstarted an Insurance Company

Our industry is evolving and implementing new innovations, particularly focusing on the customer experience, including the web and mobile.

The Transformative CIO

Today's technology leaders are expanding well beyond their traditional role.