If you drive one of these vehicles, your data may be exposed
Hackers are always looking for new ways to get hold of your data. It even trumps your credit or debit card details. Unfortunately, security breaches happen on a larger scale than most people want to know, such as the IRS leak from late last year.
Criminals made off with the details of over 120,000 taxpayers. But that was just one-tenth of a massive breach a month later, when a Facebook tracker exposed the details of over 3 million people.
It’s easy to assume that data breaches happen with valuable targets, but that’s not always the case. Read on to see how your details could be at risk by driving one of these cars.
Here’s the back story
Technology is developing at an incredible pace, and it is more common now than ever to find Internet-connected components in household appliances. An internet-connected refrigerator tells you, for example, when you’re out of milk. A more advanced model even places an online order for you before it happens.
Ingenious features have also made their way into many vehicles. The center console of technologically advanced cars can show you almost every aspect of your vehicle, including your details, where you bought the car, when the next service is due and access to additional features based on subscription.
But with any connected gadget, there’s a risk of data compromise, which is exactly what security researchers recently found.
During an investigation, researchers found several API security vulnerabilities in popular models from Ford, Nissan, Toyota, Mercedes, Kia, BMW and many more. Almost 20 manufacturers were affected.
How Hackers Exploit API Flaws
Researchers found that hackers could access the vehicle’s telematics systems to honk the horn, flash the lights or remotely track the car.
It gets worse. According to team leader Sam Curry, with the right access, hackers can “completely lock and unlock the car, start and stop the engine, and lock users out of remotely managing the vehicle while changing ownership details.”
The level of access depends on the vehicle, but the most severe is in BMW and Mercedes-Benz. Using the exploit in these cars, hackers can gain access to the company’s internal chat tools, hundreds of mission-critical internal applications, and the internal dealer portals where they can query any VIN.
Several manufacturers say the software bugs will be fixed soon, but Curry has some advice if you drive one of these vehicles or are thinking about buying one.
Some good advice from Curry is to make sure the previous owner’s account is removed when buying a used car. If you sell a vehicle, remove your data. When using apps and services that connect to your car, use strong passwords and set up two-factor authentication when available.
Over 160,000 cars from Volkswagen and Mercedes have been recalled
Healthcare security breach: 3 million patients exposed thanks to Facebook tracking