Washington Post Hacked a Chevy Volt to See What Information Your Car Is Quietly Collecting
And more importantly, what your car is sharing with third-parties.
If you own a smartphone—you do, don't you?—then your personal information is as good as gold for companies looking to target each and every consumer demographic. From the type of music you listen to what apps you use and especially what you search for on Google, there are firms out there paying real money for real info about the person behind the screen. Now, whether or not your name is attached to that data is a toss-up, but one thing's for sure: this isn't the only area of your life that's being monitored, especially if you drive a modern car.
The Washington Post recently conducted a test to investigate what your daily driver and, more specifically, the people who built it know about your everyday life. This involved a detailed deconstruction of a 2017 Chevy Volt's infotainment system with Jim Mason, a Caltech-trained engineer doing the hacking. During the experiment, they discovered an incredible amount of intel that may seem insignificant at first but is certainly valuable to those looking to earn your dollar—and track your habits.
First, by working with "a laptop, special software, a box of circuit boards, and dozens of sockets and screwdrivers," Mason gained access to the Chevy's onboard infotainment system. This is linked to the vehicle's navigation tech as well as, in most cases, the driver's phone. Both are deep wells of information that clue automakers, along with potential information buyers, into your everyday routine and interests.
From The Post:
It was worth the trouble when Mason showed me my data. There on a map was the precise location where I’d driven to take apart the Chevy. There were my other destinations, like the hardware store I’d stopped at to buy some tape.
What's more, they were able to view specifics tied back to the author's phone along with a man named Doug's, who lent his Volt to the test.
Among the trove of data points were unique identifiers for my and Doug’s phones, and a detailed log of phone calls from the previous week. There was a long list of contacts, right down to people’s address, emails, and even photos.
The degree of tracking was equally as great in an infotainment system the group bought off eBay, in which they could see the former owner's favorite place to eat, their most frequently visited Gulf gas station, and even a log of calls with someone listed in their contacts as "Sweetie."
This isn't a phenomenon unique to General Motors; instead, some other companies record location data every few minutes even when you're not using the car's navigation system, according to The Post.
Mason has hacked into Fords that record locations once every few minutes, even when you don’t use the navigation system. He’s seen German cars with 300-gigabyte hard drives — five times as much as a basic iPhone 11. The Tesla Model 3 can collect video snippets from the car’s many cameras. Coming next: face data, used to personalize the vehicle and track driver attention.
With electric vehicles being ushered in as the next wave of personal transportation, these practices could grow exponentially with cars completely relying on computers and similar tech to operate.
What's most troubling, though, is that automakers often aren't required to share what info of yours they may gather and distribute—this usually boils down to the fine print in auto purchase contracts. “Nothing happens without customer consent,” a GM spokesperson told The Post. Onboard services like GM's OnStar are baked into millions of cars, sometimes without the owners understanding what these features entail; however, since they sign and initial on each dotted line, they're waving their right to prohibit the sharing of individual-specific data.
Collectively, automakers can supply this info to all types of companies that want to alter your typical preferences to those that benefit them, such as swaying a person that usually eats at Tim Horton's to go to McDonald's instead. This can be achieved through third-party apps or advertisements that'll soon be popping up on the screens of new cars.
The full investigation is worth a read, and it's something to be conscious of before you allow every app, device, and car access to your location and personal info.
Got a tip? Send us a note: firstname.lastname@example.org
RELATEDCredit Card Hackers Targeting North American Gas Stations With Info-Stealing SoftwareVisa investigators claim multiple reports of such computer-based attacks over the past year.READ NOW
RELATEDUber to Pay $148 Million Fine for Massive Data Breach That Exposed 57 Million Users' Personal InfoUber also agreed to regularly report data security incidents.READ NOW
RELATEDDMVs Are Making Millions of Dollars Selling Drivers' Personal Data to Third Parties: ReportWho's buying this info? Mainly private investigators and insurance companies. However, not every transaction has proven to be lawful.READ NOW
RELATEDUnencrypted Video and Personal Data Stored on Teslas Raise Significant Privacy Concerns: ReportImagine crashing your car and someone blackmailing you with the footage later on.READ NOW
RELATEDTop OTA Expert Shows How State Actors Hack into Your Car and What Happens Next: ‘People Will Die’“Updates are an attack vector nation-state actors particularly like, because they are very hard to defend against.”READ NOW