Will the Little Telematics Black Box Bring Insurers Big Headaches?

The internet of things promises a lot of advances and insurers are going to reap plenty of benefits from this. Health insurers are going to be able to get live data from the insured parties. Home insurers will be able to better monitor the insides of a home. And so on…

However, there’s a downside to all these device too. You may have missed the news but in July a hacker managed to remotely disable a Chrysler Jeep on the road through a remote wireless attack. This provoked a total recall of the affected product (nearly 1.4 million vehicles) and leaves Chrysler wide open to lawsuits from car owners.

How Does This Affect the Insurance Industry?

While it’s true that the Chrysler hack doesn’t involve any insurance technology, the bad news is that at a recent security conference in San Diego a group of university researchers demonstrated a technique that will have insurers gasping nervously into brown paper bags. They used the telematics black box, an item commonly supplied by insurers to help monitor car usage for fairer policy charges, to hack into a car and disable its brakes.

The group essentially reverse engineered the technology used in the telematics device and discovered several (not just one) ways to exploit security issues in the devices. The team concluded that it wasn’t just the breaks that were at risk either – the exploits could be used to take control of the steering and other systems in the car.

The telematics manufacturer, Metromile, immediately released a patch to overcome the difficulties found by the research team. Unfortunately, it’s not quite that simple to fix as not all hardware updates automatically and the researchers say that other hardware is vulnerable to hacking too.

The implications for insurers are huge. The potential liabilities incurred if a terrorist group or hacking group carried out a large scale hack on black boxes and caused (or threatened to cause) mayhem on the roads is genuinely incredible.

Insurers are going to have to carefully examine how they structure their own insurance to cover any such eventuality. They may also need to carefully consider as to whether telematics is a viable solution in the long-term.

Fortunately, the exploits identified this time around were identified by legitimate security researchers and problems could be fixed before a malicious exploit occurred. Who can say with any certainty if this will be the case next time round? The internet of things just became a much murkier place.