- cross-posted to:
- pulse_of_truth@infosec.pub
- privacy@links.hackliberty.org
- cross-posted to:
- pulse_of_truth@infosec.pub
- privacy@links.hackliberty.org
Your car is probably harvesting your data. Here’s how you can wipe it::undefined
Mozilla did a privacy test on 25 different makes of cars and they all failed.
Mozilla did a privacy test on 25 different makes of cars and they all failed.
The Mozilla article is a scary article to read, really makes me hate what’s happening with cars and phones.
This article just seems like an ad
Which is exactly what I said when it was posted earlier.
The website seems scammy too. Got a banner at the top warning that you don’t have GCP or some nonsense thing they’re selling for “security”.
Nah, this guy is a scammer, looking to cash in on fear mongering.
Not to say what our cars do isn’t a HUGE problem , it is. But he just comes across as icky. Not like he wants to help people, just help people give him their Vin and who knows what else.
Look, scammer, you don’t need a Vin to tell people how to address this. Just make, model, trim, features. Cause here’s the thing… If it ain’t got a newer/fancy “entertainment” system or specifically markets remote diags, then it’s just local data that I doubt the owner can easily remove.
Having worked on many cars, vendor data is getting harder and harder to access, even though OBDII is a standard. Vendors still implement special codes. Generic readers may not even be able to read secondary systems, like transmission. If that is hard to access, how much harder is telemetry?
Anyway,simply knowing the brand would tell you which telemetry vendor they contracted with. After that it’s just based on the model.
Still has good information though.
Prefer this type vs. others.
Consumers in the dark
Most drivers have no idea what data their car is collecting because other than through Privacy4Cars it can be very hard to track down and digest the information. The privacy disclosures for the four cars mentioned above involved between nine and 12 unique documents, and each ran between 55,00 and 60,000 words, according to the Privacy4Cars site.
Older cars appear not to be immune. A check for a 2012 Honda Odyssey, for example, revealed the vehicle collects data from synced phones, geolocation information and compiles personal identifiers and user profiles.
Car owners should use the app to wipe data particularly when they buy or sell a used car and return vehicles to car rental agencies or leasing companies, Amico said, although most people don’t know they should do so.
Four out of five used cars contain the data of previous owners since most owners and subsequently car dealers don’t wipe them clean, he said.
In some cases cars even store pieces of code from previous drivers that can allow old owners to access new owners’ data. Most cars’ infotainment systems also store text messages and other unencrypted data.
Amico’s services aren’t foolproof. The FBI, for instance, still might be able to hack into the car’s systems and extract data. But they do make it a “hell of a lot harder” for them or anyone else to do so.
Even those unworried about getting entangled with the FBI have serious reasons to delete their data, he said.
“If you have a navigation system, you have about a 50/50 chance that you can press two buttons and show up inside the house of somebody because you press ‘go home’ and then you pop the garage open,” Amico said.
My dad’s car is ridiculous - asks to download everything possible on your phone if you merely plug it in for charging. Do I need my test messages on this stupid car console? Uh, no. I’m regretting losing a car I had from before this era.
This is why I’ve been dropping money on repairs that cost more than my old car is worth. The old car will keep running for as long as I’m willing to repair it. My new car is bricked if the software ever shits out
I would ban the phrases: “here is how”, “we show you how” and similar from news headlines. If you are too lazy to write a proper title then fuck off and find a different profession
I’d add any headline that starts with “This is…”
deleted by creator
My car is a bicycle. Specifically it is a 2017 Masi CX Comp.
Why own a Ford when I have my Chevrolegs?
Because my city planners are dicks and there’s highways between me and everything I would need with no clear and safe bike paths anywhere 🙁
Ford owners know all about using their legs
I don’t think so, I drive a 2000 Opel Agila
I’ve got an almost 10 year old base model Wrangler…I don’t even have power windows. It couldn’t harvest data if it wanted to. Didn’t even splurge for the automatic transmission. Probably one of the last truly dumb vehicles in the US.
At least in Italy automatic transmission is absolutely failing to take off. To this day almost all new cars are manual, most brands don’t even sell automatic variants or models by now. Sequencials are in an even worse spot. Smart features too are really struggling to take off. At most you find simpler GPS systems or hubs to connect your own smartphone to.
Maybe we are just too poor to let new shiny things take off. :P
Could someone create a dumby device that looks like a phone to the car but has none of your data. Connect phone to dummy phone, connect dummy phone to car. Phone gives no info besides music or gps to dummy phone. Dummy phone gives “everything” to car but turns out it has nothing.
Use an old phone, wipe almost everything off it.
I drive a 2000 Honda Accord so I highly doubt it.
My old Fiat doesn’t even have an OBD port and i’m happy with it.
How recent does the car need to be? I’m not convinced my 83 civic pending some sort of engine work that I can’t afford to get done or know how to do myself is capable of that even if it were running.
Jokes on you, I don’t own a car.
I wonder if Apple Carplay can be developed to have privacy permission settings like other apps where you can toggle what they can access. I checked my vehicle on their site and it says it shares to the government but “silent” on insurance. Not exactly sure what silent means.
CarPlay (and Android Auto) are designed to only interact with the InCar Entertainment hardware as a display, HID input and limited ancillary hardware. It pushes Video to the display and pulls GPS data, Voice, touch and button inputs. Apple actually dictate that the ICE system cannot store any data except connectivity (Bluetooth connection keys), everything else stays on device.
I am not going to go as far as say that OEM and aftermarket ICE aren’t able to extract information through CarPlay, and I will acknowledge that they will try to get user data through their own interfaces for the benefit of their own interfaces. I would never trust an OEM that forces users to not use CarPlay or Android Auto (ehem, GM).
I am confident that the only reason GM are introducing their ICE platform (codenamed “Edsel”) and blocking CarPlay and Android Auto is because they believe they will be able to profit from selling user information to data brokers. I am also confident that Edsel will be just as disastrous for GM as its namesake was for Ford.
Car play doesn’t even give access to the car for most things. Assuming Apple already has your data, it’s a good way to keep your data from other companies
Lol @ my '01. Fuck, I miss Bluetooth audio.