Connected vehicles a threat to online privacy

Blind_Io

"Be The Match" Registered
DONOR
Joined
Apr 5, 2006
Messages
24,200
Location
Utah
Car(s)
See signature
The original Washington Post article is behind a paywall, so here is the next best story I found.

https://www.caranddriver.com/news/a30260730/chevy-volt-hacked-data-collection/


  • The Washington Post published an investigative report today in which it gets a hacker to figure out just what kind of information OnStar and a randomly selected 2017 model car's internal computers are collecting.
  • A lot, it turns out, including saving pictures of your contacts and logging where you go.
  • There are ways to limit how much data your car collects, but they're not obvious, the paper concludes—and the tinfoil treatment humorously shown in the accompanying photo won't do the trick.
It's easy to count up the benefits to connected cars. From using your phone to warm up the cabin on a winter day to setting speed limits for the new teenage drivers in your household, telematics can make life a bit easier. But you're probably not surprised to hear that these upsides come with some potential downsides as well.

This was proven in a big way by Washington Post tech columnist Geoffrey Fowler (pictured above), who dug into just how much information his test car, a 2017 Chevrolet Volt, is collecting. Perhaps more important, though, Fowler wanted to see just how much information GM is getting from its connected cars. It's one thing for your car to store your favorite Starbucks in the nav system. It's another if the car company collects that information. The reporter made it clear that this is not a Volt thing, or a Chevy thing; nearly all new cars now have connectivity, including onboard internet connections.

For now, exactly what information goes where is a bit of an unknown by anyone other than the automakers themselves. As Fowler writes, "My Chevy's dashboard didn't say what the car was recording. It wasn't in the owner's manual. There was no way to download it."

To figure this out, Fowler had someone hack into the Volt. He discovered that the car was recording details about where the car was driven and parked, call logs, identification information for his phone and contact information from his phone, "right down to people's address, emails and even photos." In another example, Fowler bought a Chevy infotainment computer on eBay and was able to extract private information from it about whoever owned it before him, including pictures of the person the previous owner called "Sweetie."

While GM was the subject of Fowler's experiments, it's not the only company collecting data on its drivers. In 2017, the U.S. Government Accountability Office looked at automakers and their data privacy policies and found that the 13 car companies it looked at are not exactly using best practices. For example, while the automakers say they obtain "explicit consumer consent before collecting data," the GAO says they "offered few options besides opting out of all connected vehicle services to consumers who did not want to share their data."

GM's OnStar privacy page makes it clear that the company "may use your information to improve the quality, safety, and security of our products and services, to develop new products and services, and for marketing." In response to Car and Driver's request for comment for this article, a GM spokesperson said: "Nothing happens in terms of connected services without customer consent," and also pointed out that collecting vehicle data such as location, vehicle health and status, and operating information "enables many important safety and connectivity services [including] automatic crash notification (alerting first responders to an accident scene), stolen vehicle locator, and vehicle health monitoring (monthly emails to an owner advising them of service and maintenance status)."

"Data is also used to improve vehicle quality and enhance future product designs," the GM spokesman said. The spokesperson also noted that new GM vehicles have a "location services" setting on their center screen, saying, "This allows the driver to switch location services on or off at any time, much like smartphones."

GM also told the Post's Fowler that it will update its privacy policy by the end of 2019.

Currently, No Federal Regulations Are in Place
Data privacy may be a big and growing issue in the automotive industry, but legislators and automakers are moving slowly to tackle it. Fowler points out that there are no federal laws to regulate what automakers can collect or use when it comes to personal driving data. Since 2014, 20 automakers (including GM) have pledged "to meet or exceed commitments contained in the Automotive Consumer Privacy Protection Principles established to protect personal information collected through in-car technologies," according to the Auto Alliance. The first of those principles is to "provide customers with clear, meaningful information about the types of information collected and how it is used," but Fowler's experience shows that this doesn't always happen in the real world.

To limit what private data your car collects about you, Fowler recommends not connecting your phone directly to your car via the built-in USB port and to use 12-volt chargers instead. He also suggests using an app called Privacy4Cars to make sure you delete your data from cars you use but don't own, including rentals or when you borrow one from a friend.

These tricks might not be enough when the upcoming 5G networks arrive and allow vehicles to transmit more data in less time. Coming soon to a dashboard near you.
 
Don’t worry, the corporations will take care. We don’t need regulations on this.
 
Having seen what Toyota Australia has planned for their connected vehicles systems and the masses of data it is collecting - I would be worried.
They're selling as a safety initiative but the end game is to be able to sell that data to insurance companies and the like.
 
From my understanding, the On-Star in my Pontiac is too old to function, so planned obsolesce has saved me there. The great thing about the tech world is that if you stop upgrading you eventually no longer exist.

Apple is still data mining me, but considering the quality of Apple Maps I won't need to worry about them knowing where I am.
 
Top