Wednesday, December 06, 2017

Why buying used cars could put your safety at risk

Charles Henderson sold his car several years ago, but he still knows exactly where it is, and can control it from his phone. The IBM researcher leading X-Force Red, the firm's security testing group, wasn't researching car security when he discovered a major privacy issue. He simply sold his car. "The car is really smart, but it's not smart enough to know who its owner is, so it's not smart enough to know it's been resold," Henderson told CNNTech. "There's nothing on the dashboard that tells you ‘the following people have access to the car.'" This isn't an isolated problem. Henderson tested four major auto manufacturers, and found they all have apps that allow previous owners to access them from a mobile device. At the RSA security conference in San Francisco on Friday, Henderson explained how people can still retain control of connected cars even after they resell them.


Manufacturers create apps to control smart cars -- you can use your phone to unlock the car, honk the horn and find out the exact location of your vehicle. Henderson removed his personal information from services in the car before selling it back to the dealership, but he was still able to control the car through a mobile app for years.

That's because only the dealership that originally sold the car can see who has access and manually remove someone from the app. A full factory reset of the vehicle doesn't revoke mobile access, Henderson said. In order to revoke app access, you should go to a factory-authorized car dealership.

On smartphones, a factory reset wipes all the local data off the device so you can sell it to someone else. So-called internet of things devices store information in servers far away from the actual hardware. This means executing a factory reset on your car only resets the car -- the data still exists in the cloud for other people to access.

It would be fairly easy for car makers to let users completely wipe the apps, but it could potentially be abused, Henderson said. For instance, a valet could revoke your app's access if he had access to the car.


Drudge Retort Headlines

Shutdown (179 comments)

Steele: 'This Shutdown Rests at the Feet of the GOP' (43 comments)

White House Budget Director: Shutdown 'Kind of Cool' (25 comments)

God Said Defendant Is Not Guilty, Judge Tells Jury (22 comments)

When Trump's Foreign Policy Luck Runs Out (18 comments)

Oxfam: World's Richest 1% Hoard 82% of the Wealth (15 comments)

White House Answering Machine Message Lays Blame (14 comments)

Trump Tells Activists He Opposes Childbirth (13 comments)

Four Different DNA Tests Reveal Four Different Genetic Results (12 comments)