With all the connected technology found in modern vehicles, you might be wondering if the personal information that they store is safe.
For example, Audi and GM offer features with their new cars that rely on an always-on Internet connection. This enables Internet media streaming or smartphone-enabled apps that can unlock or remotely start your car.
They’re interesting features to be sure, but the addition of internet connectivity essentially turns your car into a computer of sorts, filled with personal data about you and your life. Is that information safe?
GM’s OnStar insists that it is.
Who Has Your Data?
“GM and OnStar are actively working to address these issues and are implementing protocols and strategies to reduce the risks involved,” she said.
According to Cusinato, OnStar is extremely transparent about what it does with customer’s data. “To improve clarity, we now describe our privacy practices in relation to three categories of information: account information, vehicle related information and driving information,” she said.
According to Cusinato, GM shares customer information only when it comes to assessing the safety, quality or functionality of its vehicles and services. The company may also give third parties this information, but it will not be identifiable without consent from the customer.
OnStar can also anonymize the information it shares depending on who it’s shared with and why. Cusinato said OnStar shares anonymous information with other companies for research and development. Of course, they will also share your location information with certain third parties like emergency responders.
The underlying message is consistent; GM doesn’t plan to share any information about its customers that is personal without consent, which should help some customers sleep easier.
Is Your Phone a Double-Agent?
But what about the other functions these online enabled cars allow? Does the fact that your phone can open windows and unlock doors present a security risk? Imagine this terrible scenario: you forget your phone somewhere and it falls into the wrong hands. Using your phone, he can see where your car is parked, unlock it and rob you blind.
“[Hyundai] is currently securing our vehicles from cyber-attacks and will work with NHTSA on guidelines to further protect vehicles,” Hyundai connected car publicity spokesman Miles Johnson said. The Korean company has a service called Blue Link, which is very similar to OnStar, and allows users to use a smart-phone to unlock and remotely start their cars. But the company knows it has to have its head on a swivel in order to protect its customers. “Hyundai is currently studying how to further secure our vehicles from cyber-attacks,” Johnson said.
Add in the fact that smartphones security is a mixed bag and you may not even need to lose your phone in order for someone to gain access to it and your car. According to an article by Consumer Reports, five percent of all smartphone users in the U.S. suffered from some kind of malicious software that accessed an account without their permission. Fortunately there are no reports yet of malicious software targeting apps like OnStar’s Remote Link, but if spyware can nab your bank passwords and credit-card information, your other accounts may be at risk too.
Reports from the Center for Automotive Embedded Systems Security (CAESS) say that cars are vulnerable to attacks. A demonstration by CAESS showed that attackers can take control of many functions of a car, including manipulating the door locks, disabling braking systems and turning engines off while the car is driving. Remote attacks can be done physically with a connection to the onboard diagnostics (OBD) port, CD players or wirelessly through Bluetooth or the cellular radio that’s used for Internet connection.
It’s uncommon, but there are cases where something like that happened.
By installing using a device that plugs into the OBD port, a dealership is Austin, Texas was able to prevent car theft in process by disabling the ignition and trigger the car’s horn.
That was fine until a disgruntled former employee gained access to the system and disabled over 100 cars. The problems stopped when an administrator reset the passwords, cutting off access to the system. A few days later the police managed to trace the attackers IP address and was able to arrest him for breach of computer security.
Car-hacking is a relatively new worry to automakers and car owners. In order to understand and fight this new problem facing the auto industry, the National Highway Traffic Safety Administration has budgeted $2 million towards creating a new task-force that will test and improve electronic these systems reliability.