autoevolution

Carmakers Have Begun to Secretly Steal Your Private Data

I'm curious, how many of you ever read all the fine print when buying a new car? By “new car” I mean something ultra-modern, which offers “connected services” that range from in-car Internet radio to weather services or traffic alerts for the navigation system.
Anonymous 1 photo
In the case some of you do actually read the fine print in its entirety, how much of it does it say how that carmaker is going to use all the data that the car will collect from you? You see, that's where the problem lies, even if it may not seem like a big deal for some folks, at least for the time being.

Most drivers don't know or don't care how much carmakers learn about them or their loved ones, that may be true and it's perfectly normal. That said, as soon as you realize that some of the most successful dystopian Sci-Fi novels or movies have a “Big Brother” as the bad entity who watches over everyone's lives and subsequently begins to control them, things may begin to change.

To give you an idea of the scale of carmaker data theft that has been going on in recent years, Washington Post's technology columnist Geoffrey A. Fowler literally cracked open a 2017 Chevrolet Volt with the help of a company called ARCCA, specialized in reconstructing car accidents and forensic analysis.

With the help of a laptop, some unique software, a bunch of circuit boards and dozens of sockets and screwdrivers, ARCCA's James Mason managed to discover multiple interconnected computers that can generate up to 25 gigabytes of data per hour from all of the vehicle's sensors.

He discovered things like the car's location at almost any given moment, the way it's been driven, logs of phone calls made from the car, contacts that include addresses, emails and even photos of those contacts.

To make things even more interesting, Mason also extracted data from a used Chevrolet infotainment system that he had bought on eBay. Apparently, the previous owner was regularly calling someone listed as “Sweetie” in his contacts, usually bought gas from a Gulf fuel station, frequently ate at a restaurant called China and used a Samsung Galaxy Note phone. A personal photo of “Sweetie” could also be extracted from the system.

ARCCA's expert “hacker” also disclosed that he had hacked into Fords that record their location even when the navigation system is not in use and most owners are definitely not aware of that.

To put things into perspective, General Motors alone has about 11 million cars equipped with a 4G-LTE connection, while pretty much all new Audis, BMWs, Toyotas, Volkswagens, and Mercedes-Benz models can be specified with or already have built-in Internet connectivity.

Even better, the latest Tesla models are not only continuously wired to the carmaker via the Internet but can also collect video from their surroundings and they're not even the only cars that do that.

The multitude of sensors and cameras on modern cars can continuously send the (encrypted) data back to the carmakers' servers who can pretty much act like they own all of it and thus can what they want with it.

The worst that can happen? Well, for one thing, this can give backdoor access to the most private things you do with, and I stress this, your own personal car. It's already been proved that modern cars can be hacked, and the Internet-of-Things (IoT) can open a door to a whole different level of threats.

Remote hacking can not only open the doors to your car but can also control it remotely since lots of new cars come with drive-by-wire controls, meaning they're essentially robots on wheels.

I'm not talking about enslavement by robots, at least not just yet, but keep in mind that Level 3 SAE autonomous driving is about next week away. That will also come with some potentially ugly consequences from this perspective.

Who actually controls where all the data gathered by today's cars is going and how it's used? There no legislation that explicitly prohibits carmakers from selling it to third-party individuals. There's also no way of knowing if carmaker servers can be hacked also.

For example, if you have a paid OnStar service you also have access to an online marketplace where your vehicle can be connected directly to third-party apps for pizza, or groceries or whatever.

IoT is awesome, you say, for all the convenience it brings, and that is definitely true, I'm not saying we should go back to an abacus for calculations or payphones scattered at every corner to call our loved ones, but we should probably think about the potential downsides of technology as well. Privacy should be a right no matter what product you choose to use.

 
 
 
 
 

Would you like AUTOEVOLUTION to send you notifications?

You will only receive our top stories