Could Your Car Be Responsible For Your Next Data Leak?

A hacking experiment leads to surprising results

A few days ago, The Washington Post (WaPo) held an interesting experiment. With the help of an automotive technology expert, they hacked into a Chevy Volt to see how much information the car was collecting on its driver. The results were pretty alarming.

A technology enhanced car should be collecting diagnostic data on itself. It’s even reasonable to expect it to record mileage and possibly where it’s been. What WaPo reporters found was a lot more than that.

The information in one system

With the help of Jim Mason, a PhD in engineering who hacks into vehicles for a living to reconstruct car accidents, they were able to access the infotainment computer. With a few simple hacks, Mason was able to see where he’d been that day. He was also to see unique information on his and his passenger’s phones. The car even collected the names and personal information of the contacts stored in Mason’s phone.

Mason and WaPo decided to do a more in depth search, purchasing another infotainment system online for less than $400. They were able to glean enough data from the purchased system to know the names of the contacts in the person’s phone, where they traveled, pictures from their phones, and the locations of gas stations and restaurants they’d visited.

The fine print

Chevy hasn’t disclosed the fact that they’ve collected all this to any consumers. They also don’t list it in the owner’s manual as there are no laws or regulations stopping them from collecting this type of information. After some questioning, Chevy wouldn’t own up to what it was collecting off the other computers in the car (there were 7 total.)

In 2014, 20 automakers pledged to adhere to privacy standards in connection with the data they collect. None of them have upheld that promise.

Why it matters

According to tests, the computers in new cars are extremely easy to hack. And if you’re thinking this is some science fiction nightmare, it’s not. It’s a reality. Car hacking has already happened.

In 2010, over 100 customers who purchased vehicles from Texas Auto Center found their cars were going out of control. A disgruntled employee was later charged with helping to facilitate the hack. The software used to disable the cars didn’t have the ability to shut down a moving vehicle, but that wasn’t the case for Andy Greenberg.

The Wired writer contacted two hackers in 2015 to challenge them to take over his moving vehicle with him in it. They were able to take over complete control of all functions in the Jeep, including killing the transmission while Greenberg drove on the highway.

This wasn’t the trio’s first experiment. Greenberg had challenged them in 2013 to take over his car in the safety of an empty parking lot. They were able to do it by plugging their laptops into the main switchboard of the car. Two years later, in 2015, their hacking was completely wireless.

Well that’s scary

As technology advances, we’re constantly bombarded with new gadgets and lifestyle changes that make our world safer and more interconnected. Unfortunately, a lot of the people utilizing that technology aren’t thinking about the risks associated with wireless integration.

While the the idea of having a lack of control over the machines we rely on to carry us from place to place may be scary, remember that you have a voice. Ask questions of your automaker, and make sure you are a well informed consumer. And if you’re really concerned, give your state’s attorney general a call. It’s up to all of us to protect our identity from potential breaches.

14,192 total views, 5 views today

(Visited 1 times, 18 visits today)

22 thoughts on “Could Your Car Be Responsible For Your Next Data Leak?

  1. It’s not your car that will be responsible, it’s the people collecting it that will be/are responsible. The information leaks come from the inside: People working at where the information is accessible, needing money due to various out of control habits, people with an axe to grind about the Company, world, universe.
    And what good comes of all of this personal information gathered? People that collect it to make money off of other people’s personal information. People’s information that is collected should be highly reimbursed for it.

  2. Crap I was just thinking of up grading my wife’s 2014 Grand Caravan, now I’m going to have to see if I can wipe all the data from it before I trade it in. Anyone have any idea on how to do that? Thank you very much for the heads up PC Matic.

  3. Should be illegal. So called “Smart” Appliances hook into a a community’s grid, and are then controlled by the grid itself. This crap has GOT to stop. Thanks for the information. So happy I’m a PCMatic customer.

  4. Alan Robbins hit the nail on the head – we are just a commodity to the corporate world. While I feel that some data collection can benefit everyone, the corporations go way beyond reasonable limits and they can sell data to other entities without regard to how it is used. We can thank our numb skull legislators for turning a blind eye and deaf ear because they are in bed with the corporate world to get re-elected and line their pockets – to heck with the voters that put them in office,

  5. The only data that should not be subject to access AND delete by an owner is vehicle safety and performance data from on-board accelerometers, engine performance sensors, mileage, etc…all other stored data should be accessible and allowed to be deleted by the owner.
    Accessing your consumer data should only be allowed via a minimum 13 alpha-numeric, special character password.

  6. I just bought a new 2019 Chevy Impala and the dealers media person will be setting up the system on Thursday. I printed the article here and will show it to her and I’d like to know what i should be asking her to setup on my system i.e. wifi, blue tooth, any media on my car? I will ask that the RDP post be disabled.

    • RDP stands for remote desktop protocol, which is a port that permits remote access into your network. If it is not used, it should be disabled, as hackers are using this as a method to gain control over networks and spread malware.

    • If they can do this how come they can`t track car who have kidnapped someone and get them before they kill someone? Are find the cars that carried a murdered body and catch the killers.

  7. YOU are a commodity, your movements have value, and have already been sold. Your smartphone has been doing this for years. If you don’t want to play, drive an old car, don’t own a cell phone, and don’t use a computer connected to the Internet. Good luck with that!

    • Alan- I did not sign up to be a commodity. Using your logic I should be able to monitor your life and suggest how much toilet paper, drugs, alcohol,after shave, food-prepared or not, and computer time you should be allowed.

  8. Just bought a 2019 Lexus and have installed what was recommended by the manufacturer as a GPS app called Scout GPS. I am already having a bad feeling about this. It interfaces with my car phone in order to use the application for navigation.
    I am creeped out and seriously considering removing the application and just using my iPhone for navigation. That’s a sad thing to consider since I paid so much money for this luxury car. It’s hard for me to imagine that a luxury car manufacturer would sink so low as to outsource a navigation system. It’s just plain weird. Anyone else justifiably paranoid about this?

  9. Unbelievable, and should be illegal. There should be an option to block or disable access. Next they’ll be videoing you and your family and listening to your conversations.

    • Your conversations can be listened to as well as you being video’d. I turn my cell phone off while in the car, plus turn off Bluetooth.

      I never have liked being that easy to get to ever since pagers came on the scene…and I’m not a medical person. I even
      put tape over the camera on my desktop computer.

  10. Manufacturers should be required to provide consumers with the ability to password protect all onboard computer systems from outside access, and to enable short term temporal passwords for service personnel.

  11. Can you tell me how far back in years can they break into autos? If I had a 2002 model Chevy, would they be able to get into it?

    • Michelle, yes.
      https://www.usatoday.com/story/tech/columnist/komando/2014/12/26/keep-your-car-black-box-private/20609035/

      From the article.

      “Black boxes in cars aren’t a new idea. The practice started in 1994 with cars from Cadillac, Buick, Chevrolet and Pontiac. The black boxes were meant to help manufacturers learn how their cars performed in crashes.

      Since the early 2000s, the National Highway Traffic Safety Administration (NHTSA) has been collecting black box information to get a better picture of the circumstances surrounding car accidents. In 2013, 96% of every new car sold in the United States came with a black box, and as of Sept. 1, 2014, every new vehicle must have one installed.”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.