How clients’ auto data is being breached by thieves, hackers

Your clients’ cars store a lot of their personal data — from biometrics to driving habits, phone contacts, and more — and that can expose them to cyber-attacks.

Modern cars use sensors and connected technology to make driving easier, safer and more seamless. The problem is, they may also expose drivers to personal data breaches and even present an increased risk of car theft, says one P&C broker.

“Similar to ransomware, could something like that happen on a vehicle?” asks Steven Harris a licensed insurance broker and expert at LowestRates.ca.

He says the answer is yes. “You could see situations where people’s vehicles, for all intents and purposes, are bricked and you can’t access them or operate them [unless] you pay that ransom to restore the functionality of your vehicles.”

And with technology presenting more opportunities for vehicles to be cyber-hacked, is it possible a cybercriminal could take control of a car’s steering or braking?

“There’s instances or examples out there where they control the headlights of the vehicle and things like that. So, there’s definitely concern,” Harris says, adding “It’s early days” but so far, the industry hasn’t seen cases of hackers accessing driving functions.

A bigger risk, at least for now, is that drivers may involuntarily expose their data to hackers when they connect their phones to their cars. This leaves them vulnerable to cyber-attacks, ransomware or extortion, and identity theft.

A recent HSB survey found 72% of consumers sync their phones with their personal vehicles and another 60% store personal information in their vehicle computer systems.

And some drivers use telematics devices that let insurers monitor their driving habits. They can either be plugged into a vehicle’s dashboard or downloaded by the driver as a smartphone app. Either way, this can also be a potential cyber security risk.

Many modern cars use sensors and cameras that both survey the surroundings and track a driver’s habits.

This information has the potential to tell hackers a lot about a person’s neighbourhood and their routines, potentially leaving them vulnerable to car theft. And many thieves now routinely use signal jammers to hijack drivers’ key fobs and steal their cars.

“We lose sight pretty easily of how much data can be stored in these vehicles now as they get more and more connected,” says Harris. “The concern is, could that information be compromised or potentially used against you in a way where cybersecurity insurance could come into play and provide protection?”

Though still a fledgling risk, there’s no robust insurance product suite in Canada designed to address auto cybersecurity — at least yet, Harris says there are some U.S.-based examples to draw from. One is Munich Re’s HSB, which recently introduced cyber insurance for autos. It covers attacks on personal data that’s connected and stored in a vehicle.

But with few current products designed for this risk, brokers must advise their clients to take precautions of their own to avoid becoming vulnerable.

For example, drivers should be wary about what information they save in their phone apps or cars. For example, saving your home or work address on Google Maps can tell a hacker exactly where you live.

 Other precautions include:

• Limiting permissions on your phone 
• Keeping your car’s software up-to-date 
• Thoroughly reviewing the privacy policies of apps you’re connected to  
• Avoiding public Wi-Fi networks 
• Turning off Bluetooth when it is not in use .

Feature image by iStock.com/dusanpetkovic