Auto Security Vulnerability Poses Problems for Insurers
Insurance Experts' Forum, March 17, 2011
Common sense would dictate that having a remote service like OnStar in one’s car would be a benefit, with the technology allowing for quick emergency response, remote door unlocking and even tracking of stolen vehicles. Like most technologies, however, this one has its down side, and that side has been emphasized by a new report cited recently in The New York Times.
It seems that with a modest amount of expertise, computer hackers could gain remote access to someone’s car—just as they do to people’s personal computers—and take over the vehicle’s basic functions, including control of its engine, according to a report by computer scientists from the University of California, San Diego and the University of Washington, the Times says.
While the article notes that no such takeovers have been reported in the real world, the scientists were able to hack into a vehicle’s systems in an experiment they conducted.
“Because many of today’s cars contain cellular connections and Bluetooth wireless technology, it is possible for a hacker, working from a remote location, to take control of various features—like the car locks and brakes—as well as to track the vehicle’s location, eavesdrop on its cabin and steal vehicle data,” the researchers said. They described a range of potential compromises of car security and safety.
In their remote experiment, researchers were able to undermine the security protecting the cellular phone in the subject vehicle, and then insert malicious software, the article says. This allowed them to send commands to the car’s electronic control unit—the nerve center of a vehicle’s electronics system, which, in turn, made it possible to override various vehicle controls.
The bottom line is that, vandalism aside, cars that are equipped with cellular technology and services are in greater danger of being stolen. Of course, this hasn’t happened yet, but surely having the idea spread worldwide by one of the country’s leading newspapers will give some criminals ideas. And this mode of theft has several advantages, including the fact that the thieves will know when you’re not in the car, and will be able to open and start it looking as if they had the keys. Further, once the vehicle is procured, the cellular connection could be disabled.
From an insurance point of view, these developments pose an interesting quandary. Should auto premiums be higher for cellular-connected vehicles? Maybe those premiums should be lower for vehicles that demonstrate better-protected wireless systems. With the already poor security capabilities of most wireless devices today, however, one wonders what automakers could do to bolster defenses against such an attack.
Ultimately, we may find that we won’t just be able to jump into our vehicles and start them up. Instead, we may need to pass muster with some biometric (fingerprint, retinal scan) device just to gain access to the car. Next, we might have to enter a password in order for the vehicle to start. Sounds like a lot to go through just to take a trip to the supermarket, but just as technology makes things easier for legitimate car owners, it also provides opportunities for the criminally minded among us.
Insurers will have quite a task to determine just how to rate these risks. Stay tuned.
Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.
Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at firstname.lastname@example.org.
This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.
The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
Add Your Comments...
If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.
You must be registered to post a comment. Click here to register.