Laves C, Hutzelmann T, Mayer K, Hof HJ (2025)
Publication Type: Conference contribution
Publication year: 2025
Publisher: Association for Computing Machinery, Inc
Conference Proceedings Title: CSCS 2025 - Proceedings of the 2nd Cyber Security in CarS Workshop
Event location: Taipei, TWN
ISBN: 9798400719288
Modern car insurance companies can dynamically adjust premiums with mobile sensor units that constantly record, analyze, and grade driving behavior. However, attackers can tamper with these systems to cheat the insurance company and reduce their premiums. We developed an attacker model for this threat in conjunction with a risk assessment using the ISO/SAE 21434 Risk Rating Methodology, a widely accepted standard for evaluating and managing risks in automotive systems. To support and showcase our model, we examined the static IT security of the mobile sensor unit DriveWell and its companion Android application HUK Mein Auto. In particular, we utilized digital forensic tools to analyze the stored data in the sensor’s internal storage and the app’s smartphone storage, with a focus on encryption mechanisms for locally stored data and internet communication. During this analysis, we spotted a critical vulnerability that enables attackers to manipulate their insurance scores and potentially reduce premiums by up to 30%. Our model and real-world analysis provide a solid foundation for reducing the risk of such manipulation of insurance premiums.
APA:
Laves, C., Hutzelmann, T., Mayer, K., & Hof, H.J. (2025). Driving Down Premiums: A Security and Forensic Analysis of the DriveWell Insurance System. In Hans-Joachim Hof, Mario Fritz, Christoph Krauß (Eds.), CSCS 2025 - Proceedings of the 2nd Cyber Security in CarS Workshop. Taipei, TWN: Association for Computing Machinery, Inc.
MLA:
Laves, Claudius, et al. "Driving Down Premiums: A Security and Forensic Analysis of the DriveWell Insurance System." Proceedings of the 2nd Cyber Security in CarS Workshop, CSCS 2025, Taipei, TWN. Ed. Hans-Joachim Hof, Mario Fritz, Christoph Krauß, Association for Computing Machinery, Inc, 2025.