Hacking Into a Modern Car Puts the Driver’s Privacy at Risk

There’s no beating around the bush about it; modern cars are smart. So smart that they know where we commute, where’s our favorite fast-food joints, and where we’re going out on a date. Gigabytes of information are generated by a vehicle’s sensors and computers every hour or so, and that data can get into the wrong hands pretty easily.
Chevrolet Volt 10 photos
Photo: Chevrolet
2019 Chevrolet Volt2019 Chevrolet Volt2019 Chevrolet Volt2019 Chevrolet Volt2019 Chevrolet Volt2019 Buick LaCrosse2019 Buick LaCrosse2019 Buick LaCrosse2019 Buick LaCrosse
“What does your car know about you?” is the question The Washington Post asked on this subject. “We hacked a Chevy to find out,” a 2017 model year Volt owned by a volunteer named Doug. General Motors is at the forefront of remote diagnostics thanks to the OnStar subscription service, rolled out in 1996 in three 1997 Cadillac models.

More modern vehicles have 4G LTE connectivity built into their infotainment systems, complemented by free basic services which may sound good in the first instance. The terms and conditions clearly state that using OnStar means that General Motors is free to use various data collected by your vehicle. As if that wasn’t enough, General Motors is also entitled to sell this information to third parties.

The 2017 Volt analyzed by The Washington Post reveals the extent of that data, including phone logs, a contacts list, people’s addresses, photographs, and e-mails. Another infotainment system from Chevy – bought off eBay for $375 - “contained enough data to reconstruct the Upstate New York travels and relationships of a total stranger.”

Hacking cars for a living might not sound like a proper job, but Jim Mason from ARCCA can also confirm that Internet-connected Fords record your vehicle’s location every few minutes even with the satellite navigation system turned off. “He’s seen German cars with 300-gigabyte hard drives — five times as much as a basic iPhone 11. The Tesla Model 3 can collect video snippets from the car’s many cameras.”

The awful truth is that you can learn a lot about an individual if you buy his or her car. Biding on eBay for his or her car’s infotainment system can also result in a privacy risk as long as you know how to hack into the computer or know a man like Jim who can do it for you. Oh, and by the way, General Motors can keep the data collected from your car “for as long as necessary” as per the company’s privacy policy.

On the upside, there are changes in the pipeline. Designed to protect the user instead of the company, the California Consumer Privacy Act will go into effect in 2020. According to this bill, any company that collects personal data must provide access to the data and give the user the ability to opt out of sharing this information. The question is, when will the other U.S. states and the rest of the world follow suit?
If you liked the article, please follow us:  Google News icon Google News Youtube Instagram X (Twitter)
About the author: Mircea Panait
Mircea Panait profile photo

After a 1:43 scale model of a Ferrari 250 GTO sparked Mircea's interest for cars when he was a kid, an early internship at Top Gear sealed his career path. He's most interested in muscle cars and American trucks, but he takes a passing interest in quirky kei cars as well.
Full profile


Would you like AUTOEVOLUTION to send you notifications?

You will only receive our top stories