Brokers doubt the value of hacked UBI data

Brokers were united in their skepticism of the value of hacking into a car’s telematics device and stealing the data, making our Comment of the Week.

Risk Management News

By

Brokers were united in their skepticism of the value of hacking into a car’s telematics device and stealing the data, making our comment of the week.

The article, ‘UBI device vulnerable to cyber attack,’ garnered online opinions from those within the insurance industry on the value that intercepting such data would yield to a cyber hacker.

“I might be just a dumb insurance broker but the thought that intercepting usage data coded to a customer number would have any value whatsoever to a computer hacker either in competitive exploitation of the data or marketability for profit or gain is not a possibility I would be concerned about either as a customer or a company?” wrote Thom. Young. “The idea that accessing this data gives you some control over the operation of the motor vehicle is simply absurd.

“These devices record vehicle movement recording the data and transmitting it for collation and analysis. Client coding and the data itself is coded for sorting. There are no individual identifiers in the mix. The thought that something plugged into the cigarette lighter of a vehicle might allow someone to control the vehicle is simply laughable.

“I don't know where this guy Thuen is from or what training he's had but he's about worn out his 10 minutes of fame!”

It was Corey Thuen, a security researcher at Digital Bond Labs, who told Forbes that Progressive Insurance’s Snapshot device is perilously insecure and vulnerable to remote cyber attacks that could be dangerous for drivers.

He went on to suggest that the insurance giant does “nothing to encrypt or otherwise protect the information (it) collects,” and as such, “it would be possible to intercept data passed between the dongles and the insurance providers’ servers.”

For another Insurance Business reader, the advantages of being able to hack into a UBI device would be dubious, at best.

“Despite the fact that any UBI would have to interact with the car's onboard computer, it would take an extremely sophisticated attack to give any kind of control over the engine computer,” wrote Duncan. “Most cyber attacks don't occur simply because the criminals have the capability to do something; it is because it will give them an advantage. I don't see how hackers can turn a profit from intercepting vehicle usage statistics, meaning that it would be a low priority risk.”
 

Keep up with the latest news and events

Join our mailing list, it’s free!