The cyber risk of virtual car keys

Connected cars need to offer adequate protection from potential cyber risks, but at the same time they have to permit discrimination-free access to the vehicle’s data so that third parties can perform servicing. Just how complex that can turn out to be in practice was discussed by the experts at the 8th Allianz Motor Day on September 22, 2020, focusing on the example of the “virtual car key.” 

That key opens, locks, and starts the car using a smartphone, which replaces a conventional car key. 

It’s convenient, but it also raises questions. For instance, what’s the data security situation? What happens if the system gets hacked? And questions also arise for insurers, especially in the event of a total theft. After their car is stolen, the vehicle’s operator has to provide us with the full set of keys when claiming the loss. But how do you do that? How can they prove the vehicle was really stolen, and that it isn’t just being used by an authorized driver who somehow “acquired” a virtual key at some point? And the insurer has to answer the questions: What do we need to investigate, and how?

After a car theft, a customer has to turn in the full set of keys to the insurance company to get the claim settled. If the person has a digital key, besides turning in all the physical keys, they also have to name everyone who held an authorized virtual key at the time of the theft, and prove that the authorization was canceled.

An international standard for virtual keys

That’s why Allianz joined forces with RCAR, an international association of automotive research centers with 24 members in Europe, Asia, North America, South America, and Australia, to define an international standard for virtual vehicle keys so our clients can be compensated quickly and without complications after a total theft, even when a virtual key is used. On top of that, to protect clients, the standard also defines yardsticks for the IT security of the entire system, including the vehicle, the smartphone, the back end, the communications, and user interactions. 

In addition, as part of its initial insurance classification, since March 2020 the association of the German insurance industry (GDV) has been covering these systems if they’re included or being prepared for the vehicle.

Virtual car keys must not be duplicable

“A client has to be able to trust a virtual key. Nobody is going to send in their smartphone to the insurance company if their car is stolen,” says Jochen Haug, Chief Claims Officer at Allianz Versicherungs-AG. “In other words, the key can’t be duplicable, and in the event of a total theft, we need a transparent view of who was authorized to use what key, and when.”

The four most important requirements for a virtual car key

  • A virtual car key must not be duplicable. Analogously to a physical key, it must be possible to tell how many keys are in circulation.
  • All authorized users of the vehicle must be listed for the client – and in the event of a claim, for the insurer – in a way that’s easily understandable, transparent and unchangeable. The client must also be able to provably cancel all virtual keys immediately in the event of a total theft.
  • Authorization to access the car must be separate from the authorization to drive it, to keep the existing protection provided by the electronic engine immobilizer from being circumvented, and to ensure the security of future service models like “delivery to the trunk.”
  • The data environment for making and storing virtual keys must be strictly separated from other applications. All data critical to security – like authorizations and key calculation – must be stored or carried out in a secure storage and execution environment. 

The Allianz Group is one of the world's leading insurers and asset managers with more than 100 million retail and corporate customers in more than 70 countries. Allianz customers benefit from a broad range of personal and corporate insurance services, ranging from property, life and health insurance to assistance services to credit insurance and global business insurance. Allianz is one of the world’s largest investors, managing around 774 billion euros on behalf of its insurance customers. Furthermore, our asset managers PIMCO and Allianz Global Investors manage 1.7 trillion euros of third-party assets. Thanks to our systematic integration of ecological and social criteria in our business processes and investment decisions, we hold the leading position for insurers in the Dow Jones Sustainability Index. In 2019, over 147,000 employees achieved total revenues of 142 billion euros and an operating profit of 11.9 billion euros for the group.

These assessments are, as always, subject to the disclaimer provided below.

Press contacts

Christian Weishuber
Allianz Deutschland AG
As with all content published on this site, these statements are subject to our cautionary note regarding forward-looking statements:
Disclaimer

Further information

Euler Hermes announces an extension to the protective shield scheme

The global pandemic continues to create a volatile environment for the German economy, especially its many SMEs. So, last week’s announced extension of the protective shield is a welcome boost for businesses and welcome news for the German economy.

Euler Hermes: Successful extension of supply chain protection

The German government, Euler Hermes and other German credit insurers have jointly decided to extend their protective shield for the German economy by six months until June 30, 2021. The agreement is still subject to approval by the EU Commission.

Are pandemics insurable?

The magnitude and impact of the COVID-19 pandemic on businesses, regardless of size or location, cannot be underestimated. Mass closures due to lockdown restrictions have sent shockwaves through the economy and led to the number of business interruption-related damages to soar. As a result, insurers have come under fire. They argue that pandemics are not insurable and insurance cover cannot be provided. Allianz, however, is working on solutions for the future...