Car makers have been bragging about their cars being “computers on wheels” for years to promote their advanced features. However, the conversation about what driving a computer means for its occupants’ privacy hasn’t really caught up. While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of their all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car.
All 25 car brands we researched earned our *Privacy Not Included warning label — making cars the official worst category of products for privacy that we have ever reviewed.
Much to the surprise of nobody.
A bigger concern really is security and safety.
A lot of vehicles have adaptive cruise control and self-parking with the systems that enable this communicating over the regular CANbus. This is accessible over the regular ODBII port without any authentication of any kind. I could slap a device on the D-plug under your steering wheel that would allow me to take full control of your car ( even remotely ).
If you have an edutainment system or On Star like system that provides Internet access, you better be sure these two systems do not talk to each other or I will not have to add anything to take remote control of your brakes and steering wheel. There have been numerous examples in the industry already where they have screwed this up. In one example, they were sure to “air gap” the entertainment system and vehicle control. Then somebody added a back-up camera to the design where it needed to know the steering wheel angle to show lines on the screen as you reversed. Oops, that connects vehicle control to the entertainment system again. Hello remote vehicle control.
Car makers are way, way behind on thinking about security.
Wait, so if I buy a new car, without subscribing to any service or installing any app, that thing is always-online, presumably connecting to a mobile network, and will remain so for decades?
Some years ago I saw a documentary about a man who committed a murder using a crossbow in the UK, and the murder was solved using tracking data from his car. I’m well aware that there are cameras everywhere telling the authorities where any given car is, unless they stick to rural back roads, but never realised that many new cars essentially spy on their owners. Of course, solving a murder is a good thing, but it could be put to much less benign use.
Matthew Smith,
Gilgo Beach murders were solved with cellular tracking to find out who was near the crime scene. It’s a handy tool for law enforcement, especially with criminals who don’t realize they’re leaving digital footprints. It’s only a matter of time before a smart criminal uses the same tracking and digital evidence to implicate others in crimes they didn’t comment. You could plant internet history, cellular tracking, some physical evidence, boom you’ve got a good chance of convicting the wrong guy.