Photo credit: Oli Scarff/Getty Images
As technology further integrates into the car industry, doing things from the car continues to get easier. You can have Volvo drop off packages, talk to Amazon’s Alexa and all sorts of things. But technology can also allow people to access cars long after they have sold them, which is enough to leave any buyer uncomfortable.
According to CNN, IBM researcher Charles Henderson says he sold a car several years ago and can still control it from his phone. Henderson can also see exactly where the car is, if he decides to check. Being a researcher, Henderson tested the situation on cars from four major manufacturers and found the same to be true.
The CNN story did not name Henderson’s former car nor the manufacturers he tested, but it’s still creepy to think about the various breaches in privacy we open ourselves up to by simply purchasing such connected devices. From CNN:
“The car is really smart, but it’s not smart enough to know who its owner is, so it’s not smart enough to know it’s been resold,” Henderson told CNNTech. “There’s nothing on the dashboard that tells you ‘the following people have access to the car.'” …
At the RSA security conference in San Francisco on Friday, Henderson explained how people can still retain control of connected cars even after they resell them.
Manufacturers create apps to control smart cars — you can use your phone to unlock the car, honk the horn and find out the exact location of your vehicle. Henderson removed his personal information from services in the car before selling it back to the dealership, but he was still able to control the car through a mobile app for years.
CNN reports that in Henderson’s research on how to combat this kind of thing, he found out that a factory reset of the car — such as the kind you’d do on a smartphone before giving it up — doesn’t revoke access of former devices used with it. At the time being, Henderson’s research found that only authorised dealerships have the ability to see which devices have access to the car and to manually remove a device from it.
It may seem like the obvious answer to let people revoke access from the vehicle themselves, but Henderson told CNN things aren’t that simple. If a non-owner, such as an acquaintance or a valet person with bad intentions, had access to the vehicle, the rightful owner’s access and control over the car could be removed.
Henderson suggested a system that requires owner authentication could help, but told CNN that car companies were still hesitant about owners being able to use the system without user error. That’s odd, considering that it would be an easy fix as an owner with, you know, the ability to authorise further changes.
But the worst part here isn’t necessarily the privacy. Imagine buying a used car from someone who intends for you to not know that he or she still has access to it, for the purposes of gaining access to your location and your interconnected devices. What weird, futuristic territory for criminal activity.
If all of that freaks you out, as it probably should, Henderson told CNN that owners should always check “user management” on smart devices to see who has access to their data and devices.
Good luck out there, everyone, because it sounds like technological privacy is actually a lot more complicated than putting a piece of tape over the built-in camera on your computer.