Cars have undergone a major transformation in recent years.
Traditional models are slowly being replaced by new-age, technology-packed vehicles. Telematics and infotainment that provide convenience, entertainment and security are a driving force behind this revolution.
But they are also turning modern vehicles into one of the biggest threats to personal privacy.
Before we dive into why that’s the case, let’s first get our terminology straight.
At its core, a telematics system includes a vehicle-tracking device installed in a car or truck that enables the sending, receiving and storing of telemetry data. This data typically contain vehicle’s position, speed and direction, as well as info coming in from a multitude of sensors within the car. The technology is used for analyzing driving patterns, predicting the best routes, engine diagnostics and other useful applications.
An infotainment system is a collection of hardware and software in automobiles that provides vehicle status information, as well as audio or video entertainment. Once controlled by dashboard knobs and dials, modern infotainment systems include steering-wheel-based audio controls, LCD touchscreens and other state-of- the-art features. They can also be paired with smartphones, becoming their extension and allowing the driver to run apps within the infotainment console, make hands-free calls, send messages, play music and more.
In doing so, day after day, these systems generate torrents of data (around 25 gigabytes per hour), a portion of which is transmitted to the manufacturer as well as stored on your car’s storage device. The amount of data recorded is truly impressive and disconcerting, and includes various technical vehicle parameters, GPS location, favorite destinations, speed and so on. Once a user connects their smartphone to the console via USB (or wirelessly), the amount of data shared with the car increases even further. By pairing up with the device, the infotainment system downloads (and saves) even more data, adding to its database information that previously existed only on your smartphone. This includes your favorite music, apps, social media, emails, SMS history, voice data and more.
Used-car treasure troves
Used cars are even worse. Their data logs contain records of every phone ever connected to them, making them a veritable treasure trove for savvy hackers and government agencies alike.
In July 2020, detectives of Kalamazoo County, Michigan, took advantage of this and solved a three-year-old case by downloading the suspect’s voice recording from a 2016 Chevy Silverado pickup truck. The suspect asked the truck’s infotainment system to play Eminem at the time of victim’s death, and this timestamped action was instrumental in reconstructing his movement and building up the case against him.
While this kind of information can (and should) be used selectively in legitimate investigations, there’s ample opportunity for abuse, such as what can happen during warrantless searches without probable cause. They allow agents to gain access to a digital device, such as the car’s infotainment console, and use specialized tools to take possession of personal information, intimate correspondence and media without providing any explanation for this breach of privacy.
This same approach can also be used by hackers, who then use personal information to come up with a convincing phishing strategy for a follow-up attack, or simply blackmail the driver, threatening to make their private data public if they don’t provide payment.
In an uphill battle for online privacy, high-tech vehicles are a weak link that must not be ignored. With the expansion of Internet of Things (IoT) and the advent of self-driving cars, this threat will become even greater.
While software companies and car manufacturers certainly could do something to make privacy features more robust, chances are they will drop the ball. They’ll either succumb to government pressure or be beguiled by the sweet “cha-ching” of the marketing money rolling in as they sell your private information online to advertisers and spammers.
So it’s up to you to protect your own privacy. Remember to wipe personal data from your car’s storage, deny app permissions that make no sense (i.e., any music app doesn’t need access to your messages and contacts), and finally, keep personal conversations away from prying eyes (or ears).
Good luck and safe journey.