Technological advancements happen for one basic reason: to make our lives better. There’s no doubt about that, but there is however a downside to all the breakthroughs of the modern world, and that is the unwanted exposure our personal data gets along the way.
Why does this happen? Because we want everything to be done easier.
We want our car to know by default our inside temperature preferences and to give us the exact directions to “home”, without us having to dictate the precise address. We want to be able to sync our phone’s contact book with our automobile so that we can simply say the name of the person we wish to call and hear them through the car’s sound system in an instant.
However, apart from these imaginable details we willingly let our cars track about us, there are also the less-obvious ones… a GPS is incorporated in our vehicles which always knows where we’re headed and there are numerous cameras and microphones which may record information about vehicle occupants. Biometric information, such as fingerprints or faces, can also be stored and eventually hacked.
Some of your most vulnerable personal data
Here is, according to the Future of Privacy Forum (fpf.org), some of the personal info your car stores and why you should delete it in case you ever decide to sell your vehicle or allow someone else to use it (be very careful especially if you have a work car that other colleagues may also have access to):
- Mobile Address Book – this gets downloaded when you “sync” your phone with a vehicle. Delete this information when selling a car, returning a rental vehicle or even giving your car to a vallet for parking. Some vehicles are equipped with a valet function, which temporarily locks out access to this information.
- Mobile Applications in the Car – it is known that numerous mobile apps store the user’s personal data, and when your phone is used with your vehicle, some or all data may be stored in the car as well. So when you download the next app, pay attention to the permissions you are granting.
- Vehicle Hard Drive Storage – many of today’s vehicles include built-in hard-drive storage (often for music or other “infotainment” features). Remember to delete the data on this hard drive when you sell or return your vehicle.
- Favorite Places on Navigation, such as Home or Work – very private info, delete it when selling / lending a vehicle. The valet function mentioned above may also come in handy here.
- Garage Door Programing – reset all garage door programing when selling a vehicle, because you may also give someone access into your garage/home together with your car keys.
- Optional Plug-ins – we are referring to other devices you connected to your vehicle, such as a dongle that may share car information with third parties. These devices are usually located under the steering wheel and are connected to a data port.
You can download the FPF guide quoted above here.
…but is hacking a vehicle really possible?
Of course. Back in 2015, a journalist from wired.com willingly took part in an experiment through which the car that he was driving was hijacked by two hackers. At first, the two remotely toyed with the air-conditioning, radio and windshield wipers, but the real coup de grâce occurred when the car’s transmission was cut, leaving the car’s driver with no control over the vehicle. The hacking duo could even disable the car’s brakes at low speeds.
How did the carjacking take place? Through the vehicle’s WiFi. The flaw that they managed to take advantage of was then fixed by Chrysler (as the car that was hijacked in the above-mentioned experiment was a Jeep).
However, this by no means ensures us that auto hacks have been prevented and will never occur again. Our physical safety aside, important personal data can also be stolen, so be very careful with the permissions you give to your car (as well as to all the other connected devices in your life).
Speaking of which, there are some…
Privacy principles for automakers
According to fpf.org, nearly all automakers have committed to ensuring that a car owner’s information remains private and secure by developing the Automotive Privacy Principles, which sets privacy practices in the automotive industry. These principles went into effect beginning with model year 2017 vehicles and for subscription services beginning on January 2, 2016.
To learn more about these, go to AutomotivePrivacy.com.
However, bear in mind that these commitments regarding data collection and use by automobile manufacturers do not extend to other third parties that may access data in your car (through a smartphone, an “app,” “dongle,” or any other device connected to an automobile).
Furthermore, to stay safe from potential privacy leaks, make sure the software your car is using is always up-to-date. With every new software version, previous vulnerabilities should be fixed.