The ticking time bomb of data security in connected cars
With access to the right software it is relatively straightforward to securely erase all of the data on a computer or mobile phone. Yet very few of us do so when the time comes for them to be resold, recycled or disposed.
This problem only gets worse when we transfer it to connected vehicles, of which Gartner predicts there will be over a quarter of a billion on the road by 2020.
The process of erasing data from vehicles is significantly more complicated due to the variety of mobile operating systems, manufacturers and devices syncing to so many cars across different automotive makes and models.
Furthermore, each auto manufacturer uses different operating systems and apps depending on the model and production year. There is no single standard, making a universal solution to the data security problem that much harder to find, says Richard Stiennon, chief strategy officer, Blancco Technology Group.
On top of this, there’s a very well established market for cars to be resold or rented out, meaning the expectation is that they will have multiple owners across the course of their life. It almost goes without saying that this increases the chances of data from previous owners being accessed and falling into the wrong hands.
When users connect their mobile devices to their car there are various types of data that are stored and become accessible. This can include address books, call and message logs, texts and IMs and GPS data. In the case of infotainment systems it can even include log-in details for services like Facebook that help to personalise the experience.
Developers, by default, attempt to capture as much information as possible because they see future value in the data and the impact it could have on their business, both in terms of the corporate bottom line and the future potential to enhance the customer experience.
This makes sense for both parties for the duration of time that the customer is using the vehicle. However, it quickly becomes a liability when it is sold or rented out to the next customer. More often than not users don’t actually know what happens when they sync their phones to these cars, how to erase the information or the extent of what they’re leaving behind.
Those that are aware can go into the car’s settings (which vary by make, model and year), locate the smartphone from the list of previously connected devices and hopefully find an option to delete the connection. That’s enough to prevent casual hackers like the next driver from seeing it.
However, there is no guarantee that this method will overwrite the data on the car’s storage device to prevent a more determined hacker from retrieving the information with data recovery software.
The missing piece of the puzzle is for carmakers to build the necessary features and capabilities into the vehicle’s software to allow data to be easily and permanently wiped from the car at the point of end-of-use; ideally with the option to provide a certified digital report that can be downloaded or emailed to the driver as proof that this has taken place.
If car manufacturers and rental companies want to use technology to enhance their products through innovation, improve the user experience and drive business growth and profitability it’s up to them to build security into the design of the products themselves.
In the meantime it’s up to consumers to ensure that any manufacturer that wants to sell a connected product understands that unaddressed issues with data privacy and security will be a major stumbling block that could hinder mass adoption and sales.
The author of this blog is Richard Stiennon, chief strategy officer, Blancco Technology Group
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow