Could Your Car Be Responsible For Your Next Data Leak?

A hacking experiment leads to surprising results

A few days ago, The Washington Post (WaPo) held an interesting experiment. With the help of an automotive technology expert, they hacked into a Chevy Volt to see how much information the car was collecting on its driver. The results were pretty alarming.

A technology enhanced car should be collecting diagnostic data on itself. It’s even reasonable to expect it to record mileage and possibly where it’s been. What WaPo reporters found was a lot more than that.

The information in one system

With the help of Jim Mason, a PhD in engineering who hacks into vehicles for a living to reconstruct car accidents, they were able to access the infotainment computer. With a few simple hacks, Mason was able to see where he’d been that day. He was also to see unique information on his and his passenger’s phones. The car even collected the names and personal information of the contacts stored in Mason’s phone.

Mason and WaPo decided to do a more in depth search, purchasing another infotainment system online for less than $400. They were able to glean enough data from the purchased system to know the names of the contacts in the person’s phone, where they traveled, pictures from their phones, and the locations of gas stations and restaurants they’d visited.

The fine print

Chevy hasn’t disclosed the fact that they’ve collected all this to any consumers. They also don’t list it in the owner’s manual as there are no laws or regulations stopping them from collecting this type of information. After some questioning, Chevy wouldn’t own up to what it was collecting off the other computers in the car (there were 7 total.)

In 2014, 20 automakers pledged to adhere to privacy standards in connection with the data they collect. None of them have upheld that promise.

Why it matters

According to tests, the computers in new cars are extremely easy to hack. And if you’re thinking this is some science fiction nightmare, it’s not. It’s a reality. Car hacking has already happened.

In 2010, over 100 customers who purchased vehicles from Texas Auto Center found their cars were going out of control. A disgruntled employee was later charged with helping to facilitate the hack. The software used to disable the cars didn’t have the ability to shut down a moving vehicle, but that wasn’t the case for Andy Greenberg.

The Wired writer contacted two hackers in 2015 to challenge them to take over his moving vehicle with him in it. They were able to take over complete control of all functions in the Jeep, including killing the transmission while Greenberg drove on the highway.

This wasn’t the trio’s first experiment. Greenberg had challenged them in 2013 to take over his car in the safety of an empty parking lot. They were able to do it by plugging their laptops into the main switchboard of the car. Two years later, in 2015, their hacking was completely wireless.

Well that’s scary

As technology advances, we’re constantly bombarded with new gadgets and lifestyle changes that make our world safer and more interconnected. Unfortunately, a lot of the people utilizing that technology aren’t thinking about the risks associated with wireless integration.

While the the idea of having a lack of control over the machines we rely on to carry us from place to place may be scary, remember that you have a voice. Ask questions of your automaker, and make sure you are a well informed consumer. And if you’re really concerned, give your state’s attorney general a call. It’s up to all of us to protect our identity from potential breaches.

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles