The Feds Can Use Your Car to Access Private Data on Your Phone
You can thank modern infotainment systems.
There's an ongoing battle between law enforcement trying to harvest data from smartphones and tech companies trying to maintain some level of privacy. However, it's no longer always necessary for police to crack a suspect's phone, since these individuals already share plenty of personal data with automotive infotainment systems—which present a much softer target, according to a report by The Intercept.
The risks came to light via a contract between the U.S. Customs and Border Control and Swedish firm MSAB, concerning the sale of five iVe "vehicle forensics kits" to the federal agency. The kits themselves are manufactured by Berla, a company based in Annapolis, Maryland. The company routinely posts updates to its blog, highlighting new features and the latest car infotainment systems that the tool is able to crack.
The attack profile makes perfect sense. Modern smartphones can be difficult to crack as they're regularly updated to patch over any security vulnerabilities that become public. However, the act of simply pairing a smartphone to a vehicle's infotainment system often gives access to a wealth of data. Phonebooks are routinely synced, as well as text messages which may be displayed on screens in the car. An infotainment system can store other sensitive data too, such as navigation history, and more granular data like doors opening and engine ignition events. With virtually every system on a modern car linked up over CAN bus, anything that happens in a vehicle can be logged, and probably is.
“It would appear that this technology can be applied like warrantless phone searches on anybody that CBP pleases,” said Jacinta Gonzalez, speaking to The Intercept on behalf of Mijente, a Latinx advocacy organization that turned up the contract. “With this capability, it seems very likely CBP would conduct searches based on intelligence about family/social connections, etc., and there wouldn’t seem to be anything preventing racial profiling.”
It bears remembering that warrantless searches often apply in a zone up to 100 miles from the border, an area covering two-thirds of the population of the United States.
As much as some loathe them, it seems touchscreen infotainment is here to stay. In light of that, the simplest defense against such tools is never to pair your phone with your car in the first place. Unfortunately, this means giving up a good deal of functionality. But if you want to keep your guilty-pleasure Spotify playlists secret from the prying eyes of federal law enforcement, you might not have any other choice.
Hacking vehicles is no longer a future concern, but a reality—seemingly, the price we pay for new features and connectivity.