Usage-Based Insurance Programs Collect More Data than Users Expect
By Robert Foster
Contributor, In Cyber Defense
Usage-based insurance programs that offer discounts for using in-vehicle devices that collect driving-specific data are becoming more and more popular. Companies using these programs offer them to their customers, boasting that monitored safe driving habits will lead to lower premiums and deductibles for the drivers. However, research has now shown that part of the data collected is being stored in the cloud as opposed to the vehicle’s onboard computer, leaving the driver’s personal data vulnerable to cybercrime.
Students working on their master’s thesis at Ben-Gurion University of the Negev (BGU), along with their advisor, Professor Michael Segal of the BGU Department of Communication System Engineering, conducted research to see just how much private data could be determined from the data collected from the in-vehicle devices. These devices are intended to track information such as total driving time, cornering speeds and average overall speeds. Using a specific algorithm, the researchers were able to collect additional data such as the driver’s location, the location of their home, work and even individuals they met from the little data that was collected and stored in the cloud from the in-vehicle device. This data was all obtained without using the GPS information associated with the users.
As technology develops and cars become more connected with wide-ranging vehicle networks, whether it be to collect driver information for insurance companies, provide users with information on the go, or offer in-vehicle entertainment, private information of these users will become more and more vulnerable to unwanted interception and attack. Developments such as these demonstrate the increasing need for advances in cybersecurity to keep one step ahead of the threat that could arise.