Progressive US saw a major hack of their telematics device this week with more than two million drivers put at risk but
QBE has stressed that its device is much safer than its American counterpart.
Both Progressive and QBE use a telematics dongle that plugs into a car using a slot underneath the dashboard known as an OBD II but one security expert in America has cracked the Progressive device known as a ‘SnapShot.’
Corey Thuen, a security researcher at Digital Bond Labs, believes Progressive’s device is perilously insecure and vulnerable to remote cyber attacks that could prove dangerous to drivers.
A QBE Australia spokesperson said that its Insurance Box holds no driving data and offers much more security than the Progressive device.
“Some telematics devices, including many from US insurers, store driving data in the actual device itself which is then forwarded to the insurer. The Insurance Box device does not hold any driving data. Rather it transmits data in de-personalised form via secure file transfer protocol (SFTP) between two secured parties.
Thuen suggested that the American insurance giant does “nothing to encrypt or otherwise protect the information [it] collects,” and as such, “it would be possible to intercept data passed between the dongles and the insurance providers’ servers.”
“The firmware running on the dongle is minimal and insecure,” Thuen told
Forbes.
“Basically, it uses no security technologies whatsoever. What happens if Progressive’s servers are compromised? An attacker who controls that dongle has full control of the vehicle.”
QBE was quick to note that its device offers no such control and users of Insurance Box can rest assured that their data, and car, will be safe when using the device.
“The device has no ability to issue commands into the Engine Management System or enter the gateway so Insurance Box is not open to those same hacking risks,” the spokesperson continued.