Smart cars are prime time as well as mainstream. But are they really cyber-ready? The safety concerns we discuss in this article suggest that they are not, and in more ways than one. When it comes to security while selling a connected car, this reality is, unfortunately, a generally accepted one. The sensors, computers, software, and tools that control the functions of smart cars prevailing in today’s digital world are notorious for having vulnerabilities. There are stories that we hear in a continuous stream and a large volume of evidence that the data that smart cars obtain can be hacked and used for ill-meaning purposes that can potentially cause physical injuries or even death.
Are Smart Cars Secure for Selling?
It is a harsh fact that the current technology is unable to anonymize any piece of data a hundred percent. When multiple data sets are used to process the data with big data analytics and Artificial Intelligence (AI), etc., the results almost always reveal specific individuals. And even with data collection with anonymity and at the most minimalist levels, the risk of re-identification is still there through other data that is combined with it and depending on which kind of algorithms were used.
All IoT communications are vulnerable as advanced data analytics is equipped with a strong ability to put different data pieces back together. We have to understand that privacy and data security by design is something completely different than trying to secure information that is flying out there through the air.
When you own and drive around a connected car, the manufacturer of the car gathers huge amounts of data pertaining to you each day. Smart cars have become much more connected now than they used to be until a few years back. They are linked to smart devices, other cars, and their makers. What happens to the data your connected car collects and transmits while you own it? And more critically, what happens to the driver data when an owner is selling connected data? The former question still has some clarity to it, but the latter one has almost none.
Each time you drive your connected car, it emanates several different data points, including voice requests, entertainment choices, your abilities of driving, speeds, contacts, search history, locations, etc. When an individual is selling a connected car, they can either transfer the data they have stored on the app connected to their cars, such as OnStar or a manufacturer’s app, or delete it. While the former can be a huge risk unless you completely trust the new owner, the latter is not of much use as the app is only one place where the information is stored.
You see, it is not just the manufacturers of smart cars or third-party apps like OnStar that hold the data your connected car accumulates, but they sell it to third parties as well that use it for several different purposes. Insurance companies, for instance, leverage the data to customize their services to the average driver. Similarly, different law enforcement agencies, in certain jurisdictions, can also give your conversations inside your connected car a listen and access the car’s location history by obtaining warrants for them.
It is not just the person who is selling a connected car which is potentially at the risk of data loss but the individual who is buying a connected car as well. This is so because the seller might have connected to the car through more than one source and may keep access to the connected car’s functionalities after they have sold it. The main source of the problem is the lack of transparency of the data privacy regulations concerning connected car data. The manufacturers inform you about the category of information they seek to collect, but most connected car owners are unaware of how and to whom their personal information is being packaged and sold.
There is an acute need for auto manufacturers to take on the responsibility of securing the privacy of the driver data with the help of various vehicle communication services, like OnStar. Currently, most of the auto manufacturing companies admit that their new car customers’ preceding 12 months of ownership might have had the companies sell their personal information, such as consumer interaction data, consumer online activity, consumer service and product data, and contact information, to one or more third parties. The companies hold that the owner of a connected car consents to data collection by simply leasing or purchasing a vehicle that is equipped with connected services.
What Happens to the Data of a Sold Connected Car?
Confusion prevails over what happens and should happen to the data collected by smart cars at the time of selling. Who should be responsible for transferring it to the new owner or deleting it? How easily can the buyer of a connected car retrieve the driver data of the previous owner? When smartphones connect to the in-car systems, transference of data takes place. The connected infotainment system receives and stores information like the home address of the user, contents of their smartphone, locations they visit, etc. The need for someone to be made responsible for its protection is huge.
The same is also true for rented smart cars. The person renting or buying a connected car can easily retain personal information about its previous owner, or even owners, through its infotainment system. According to Privacy International, much more should be done to safeguard the information of connected car users. There should be an agreement between the person buying the connected car and the one selling it over who is responsible for the transfer or deletion of data. Furthermore, a set of regulations or laws should also be there for the purpose.
“Messaging about the benefits and economic potential of intelligent vehicles offers an incomplete picture, because it doesn’t talk about the risks that the technology creates for us and our privacy.”
-Sharon Polsky, President at Privacy and Access Council of Canada
“That’s a concern: if you don’t know who can access it or know who the data controller is, how can you assert your data protection rights when you want that data removed?”
– Graham Wood, Legal Officer at Privacy International
Some smart cars do come with a factory reset option. However, in more instances than not, the owners of smart cars either do not know that the option exists or find it difficult to locate it. It is also not clear with the option what information it deletes and what data it skips.
How to Delete Data Before Selling a Connected Car
According to the FTC (Federal Trade Commission), consumers should consider their smart cars as extensions of their computers or smartphones because that is exactly what they essentially are. However, for people who are not very tech-savvy, wiping data before selling a connected car can be overwhelming and daunting. Here are a few steps you should take to make a secure transfer of ownership of your connected car:
- Transfer over all your subscriptions to the person buying your connected car or cancel them. The subscriptions may include music streaming services, satellite radio or emergency communication services, WiFi hotspots, data plans, etc.
- Uninstall all applications from your car’s system, especially the ones that pair with mobile apps installed on your smartphone. Make sure your account credentials, like your username and password, are not saved in the system of the connected car.
- Format all removable media storage devices, such as SD cards or USBs, in your connected car.
- Delete all data, including music, images, and videos, from within the internal hard drive of your connected car.
- Reset the function responsible for automatically opening your garage door.
- Make the car ‘forget’ all past Bluetooth pairings.
- Wipe all the data from the car’s navigation system. No address or maps should remain on it.
- Empty the phone book, removing each and every contact from therein.
- Either check the owner’s manual of your connected car or contact its manufacturer’s helpline to check if the vehicle has a factory reset feature. If it does, use it to reset all the data and settings stored on it.
The newer the model of your connected car, the longer the list of connectivity features it will have. It might take you long to go over the checklist, but it is worth it to ensure the mitigation of data loss chances. According to the FTC, going through with the factory reset option is not enough as it might not remove all the data that you want to remove, and going through each feature individually is crucial.
Conclusion
There are specialized services for the purpose of clearing all the stored data from devices as well, and most of them accept smart cars as well. You can seek assistance from such a service before selling a connected car to make sure none of your personal data pieces remain on it.
More about Irish Tech News
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at [email protected] now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at [email protected] now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.