Shopping, Banking from Car Dashboards Opens Door to Identity Theft
By: Keith Naughyon & Olga Kharif (Insurance Journal) September 2015
Hackers can already take control of a car. And as vehicles become rolling shopping malls, cybercriminals will have an opportunity to snatch your identity, too.
Eager for a cut of drivers’ purchases of fast food, gas and more, automakers have big plans to bring e-commerce to the dashboard. Ford Motor Co. already has an app that lets drivers dictate an order to Domino’s Pizza using voice controls and a smartphone. General Motors Co. this year began offering AtYourService, which alerts drivers to deals at Dunkin’ Donuts or lets them book a hotel room on Priceline.com using voice commands. By 2020, as many as 40 percent of new vehicles sold worldwide will let drivers shop from behind the wheel, predicts Thilo Koslowski, vice president of the auto practice at Gartner.
Connected cars present a rich target, akin to retailers or banks, where hackers can troll for credit card numbers, home addresses, e-mail information and all the other personal details required for identity theft.
“Today the motivation for hacking a car is mischief, with an objective of hurting people or car companies,” Koslowski said. Once drivers can shop with impunity as they roll down the highway, “the car will definitely be viewed as a vulnerable device.”
Most cars sold today lack the technology for drivers to pay for items they purchase (unless they use a smartphone). But by 2022, 82.5 million autos worldwide will be connected to the Internet, more than triple the number now, according to researcher IHS Automotive. In the next two to five years, “buy buttons” connected to smartphone mobile wallets will start appearing on dashboards, according to Richard Crone, who runs payment adviser Crone Consulting LLC. That means motorists will soon be able to buy a pizza, fill up the tank or preorder a half caf skinny macchiato from Starbucks without pulling out their phone.
Banks and credit card companies are looking to pile in. Visa has developed an app for the dashboard or smartphone that enables the car to automatically purchase gasoline, parking and fast food. Commercial deployments will be announced in the next three to six months. FIS, a payment technology company, is developing a banking app for cars that will let drivers pay bills or check balances.
Commuters want to be constantly connected, and shopping from the steering wheel is the next logical step, said Phil Abram, chief infotainment officer of GM’s OnStar system, a blue button on the rearview mirror that links drivers to a live attendant.
“Over 3 million times a year, somebody pushes the blue button in a car and asks for directions to a hotel or to ask ‘Where is a coffee shop or gas station?”’ Abram said in an interview. “The roots of this are in what customers want.”
But automakers this summer have proven easy targets for hackers. Two security experts hacked into a Jeep Cherokee’s infotainment system in July to take control of the engine and transmission as an 18-wheeler was bearing down on it. OnStar also was hacked when a security researcher used a small device hidden on a 2013 Chevrolet Volt to take control of GM’s RemoteLink app, which allowed him to unlock the car and start its engine.
“This has been a bit of a blind spot for automakers,” Mark Boyadjis, a technology analyst for IHS, said of cars’ vulnerability to hacking.
The Jeep hack forced parent company Fiat Chrysler Automobiles NV to recall 1.4 million vehicles and ask wireless partner Sprint Corp. to issue a temporary fix over its network. GM worked with the “white hat” hacker to come up with a software patch for RemoteLink within 24 hours, Abram said. Early services like Ford’s Domino’s app don’t put a driver’s credit card information at risk because that data is stored in the smartphone, the automaker said. Visa’s in-car payments will use a randomly generated digital “token” rather than the credit card number.
Hackers bent on identity theft are expected to infiltrate cars through the entertainment portal, as the Jeep hackers did, or market malicious apps that appear harmless or even helpful, but actually steal personal information. Opening the dashboard to apps from third parties will invite thieves along for the ride, said Ryan Smith, chief scientist for Optiv, a cybersecurity company that consults with automakers.
“When payment systems come online inside of cars, it will be an attack surface that attackers will start looking at and poking at,” said Smith, who has worked with Charlie Miller and Chris Valasek, the men behind the Jeep hack. “You’re going to see the entire spectrum of fraud inside these vehicles.”
Categories
- Benefits Resources
- Bonding
- BOP
- Business Insurance
- Commercial Auto
- Commercial Property
- Company News
- Construction
- Crime Insurance
- Cyber Insurance
- Directors & Officers
- Employee Benefits
- Employment Practice Liability Insurance
- Entertainment
- General Liability
- Health Insurance
- Healthcare
- Healthcare Reform
- Homeowners Insurance
- Hospitality
- Manufacturing
- Medical Malpractice
- Mining & Energy
- Nightclubs
- Personal Auto
- Personal Insurance
- Professional
- Restaurants
- Retail & Wholesale
- Risk Management Resources
- Safety Topics
- SBA Bonds
- Security
- Seminars
- Technology
- Tourism
- Transportation
- Uncategorized
- Workers Compensation
Archives
- May 2021
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- November 2018
- September 2018
- August 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- February 2013
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- March 2011
- November 2010
- October 2010
- September 2010
- April 2010
- February 2010
- November 2009
- October 2009
- November 2008
- August 2008