Would be interesting to see insurance companies stand on this. Are you expected to pay for the security upgrade or not. Will it be deemed missing as "unpatched - that's your fault".
This is a great question. Have been in insurance for 20 yrs now. Cannot phantom why f.e. insurers don’t hold manufacturers responsible for losses due to cloned car keys with inadequate protection. I do know that insurers are generally very hesitant to start legal procedures, especially those that end up in the news. Say, Volkswagen and Stellantis are formidable adversaries as well as national champions, so there is some presumption that getting your right might be difficult. And the bar as I understand it is not technical SOTA, but more something like acceptable practice, so the manufacturer could argue “hey everyone has shitty protection, so suck up the loss”. Perhaps the newest European legislation will help raise the bar / even the playing field.
Given that many door locks and other portable locks are laughably bad and can be opened with sometimes simple shimmering, or at most basic picking tools, that would mean insurance companies could already have sued Master locks for instance. So at least, bad security is probably not enough for it.
From there, making customer pay to fix bad security doesn't sound like a significant step.
wjnc|6 months ago
makeitdouble|6 months ago
From there, making customer pay to fix bad security doesn't sound like a significant step.