SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
20 Feb 2017

Why buying used cars could put your safety at risk

Charles Henderson sold his car several years ago, but he still knows exactly where it is, and can control it from his phone.

The IBM researcher leading X-Force Red, the firm's security testing group, wasn't researching car security when he discovered a major privacy issue. He simply sold his car.

"The car is really smart, but it's not smart enough to know who its owner is, so it's not smart enough to know it's been resold," Henderson told. "There's nothing on the dashboard that tells you 'the following people have access to the car.'" This isn't an isolated problem. Henderson tested four major auto manufacturers, and found they all have apps that allow previous owners to access them from a mobile device. At the RSA security conference in San Francisco on Friday, Henderson explained how people can still retain control of connected cars even after they resell them.

Manufacturers create apps to control smart cars -- you can use your phone to unlock the car, honk the horn and find out the exact location of your vehicle. Henderson removed his personal information from services in the car before selling it back to the dealership, but he was still able to control the car through a mobile app for years.

That's because only the dealership that originally sold the car can see who has access and manually remove someone from the app. A full factory reset of the vehicle doesn't revoke mobile access, Henderson said. In order to revoke app access, you should go to a factory-authorized car dealership.

On smartphones, a factory reset wipes all the local data off the device so you can sell it to someone else. So-called internet of things devices store information in servers far away from the actual hardware. This means executing a factory reset on your car only resets the car -- the data still exists in the cloud for other people to access.

It would be fairly easy for car makers to let users completely wipe the apps, but it could potentially be abused, Henderson said. For instance, a valet could revoke your app's access if he had access to the car. When Henderson approached car makers about letting car owners wipe apps, companies were concerned about people not being able to do it properly.

"The explanation we were given was fear of user error," he said. "But a pin system for reset or an authentication-required reset system would be my suggestion." Reselling connected devices causes problems beyond the used car lot. Selling homes with connected devices can be a security issue, too. Security cameras, smart fridges, and smart lights can all retain the previous owner's data.

According to a 2016 survey from the National Association of Realtors, only 15% of clients asked about smart home technologies, and 52% of clients were unfamiliar with smart home technologies available. Henderson says there are ways to protect yourself. Always check who can access data through "user management" settings on smart devices, and if you buy a home with smart appliances, ask a home inspector who understands security to check them out first.

Always ask car dealerships to show you how mobile apps work and to confirm any previous owners are no longer on the app. But, Henderson says, putting the onus on consumers to maintain proper security may make people hesitant about buying any used technology. "If I was a consumer who was less than tech-savvy, I would probably consider buying new rather than second-hand for this reason," he said.

Tags:
information leaks
Source:
CNNTech
1581
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015