Here we are in 2020, the days of parking your own car are over! Some cars will even come get you with a tap of your phone (do we even need to say smart phone anymore?).
Today we’re talking about cars, but not about transmissions and engines and all that. Rather we’re talking about digital privacy.
As more and more companies and devices collect our personal data, track our habits, and analyze our every purchase, movement, website visit, meal, etc.; it’s more important than ever to be cognizant of who we’re giving permission to collect and use that information. We get to add personal vehicles to the list of companies/devices/whatevers to the list of things that are constantly collecting info on us.
A reporter for the Washington Post, recently published an investigative report about this very topic. The reporter recruited a forensics engineer to “hack” into a 2017 Chevy and see just what data he could access. The good news here is your car is very, VERY unlikely to be the weak point in the security of your data. According to the article, modern vehicles have multiple, interconnected computers that can generate up to 25 GB of data per hour from sensors all over the car. This number will only go up as more cars are equipped with more and better sensors as we get closer and closer to autonomous cars. Also, it took a professional hours of physically accessing the vehicle, special tools and software to access the infotainment system, just one of many internal computers, and the reporter had to take the car to a repair shop to get the infotainment computer reinstalled. So there’s very little chance a hacker can access you’re the information directly from your car.
Unfortunately, there’s very little you can do to control what data is collected and who eventually gets access to it. In the article, the reporter accessed his phone’s ID, the people he called and information (pictures, emails, addresses) associated with them, and his acceleration and braking style. The owner’s manual doesn’t tell you what’s being recorded and there’s no way to download your personal data or even opt out of sharing for the most part. The reporter even bought a used infotainment system from ebay and extracted enough data to reconstruct a trip to upstate New York, the person’s relationship with someone frequently called “sweetie”, sweetie’s picture, locations they frequented, and the unique identifier for the seller’s Samsung Galaxy Note phone. And all this is just collected from one of the vehicles many interconnected computers, granted it’s the one drivers generally connect their phones to.
Obviously there are good and bad sides to the collection of this information. In vehicle-crash disputes, information about location, speed, braking could offer integral evidence. If your car is ever stolen, real-time location data could be key in helping recover it. Even remote unlocking could come in clutch (see what I did there?) at certain times. But in the hands of malicious entities, this information and access could be used for nefarious purposes. Back in 2015, hackers were able to remotely kill a jeep (and more) while it was traveling 70 mph down the interstate.
It may be a pessimistic outlook, but it’s only a matter of time until a large-scale data breach happens to an automaker. And the type and quantity of data is only going to expand as cars become more and more advanced.
So what can you do?
Drive an older car? Don’t connect your phone? Be extra-cautious about using connected services and ask the dealership about what your options are for turning them off? Or just keep your fingers crossed the car company has proper cybersecurity measures in place?
The simple answer is there’s no easy solution to the entire data-collection issue, and as long as there’s something to be gained from stealing that information, people are going to try and steal it.
Welcome to the future! Stay safe out there.