FTC Warns Consumers: Don't Sync To Your Rental Car!

Slashdot reader chicksdaddy quotes an article from Security Ledger: The Federal Trade Commission is warning consumers to beware of new 'connected car' features that allow rental car customers to connect their mobile phone or other devices to in-vehicle infotainment systems. "If you connect a mobile device, the car may also keep your mobile phone number, call and message logs, or even contacts and text messages," the FTC said in an advisory released on Tuesday. "Unless you delete that data before you return the car, other people may view it, including future renters and rental car employees or even hackers."

The Commission is advising renters to avoid syncing their mobile phones to their rental car, or to power devices via a USB port, where settings on your device may allow automatic syncing of data. Consumers who do connect their device should scrutinize any requests for permissions.
Security researchers have also discovered another car-related vulnerability. The software connecting smartphones to in-vehicle "infotainment" systems could also make cars vulnerable to remote attacks.

Well duh.

[nitehawk214]

Don't sync your devices to untrusted devices. Same as don't stick an unknown usb drive into your computer.

Though this warning is useful since most normal users may not be aware of the security risk. The ignorance of security is the same ignorance that will cause people to ignore this warning, naturally.

Re:Don't Sync

[plover]

I would hope that the rental company would reset the system in part of their cleanup/inspection after return, however.

+1, funny!

Oh, wait, you were serious? You're lucky if a rental company runs a vacuum cleaner over the floors before they turn the car over to the next renter. Cleaning data would be like so far down the list of stuff they do that "never" comes before it.

Needs to be said, won't be listened to

[ErichTheRed]

Lots of techies forget that 99% of the population does not care about the how it works when it comes to technology -- they care about whether it works and is easy to figure out. Phone operating systems don't even have the concept of user-accessible storage and filesystems. Of course it's all there under the hood, but it's abstracted away. All data is stored in an app-specific data store in the cloud as far as users are concerned.

Warnings like this and the "check what's in the address bar before you hand over your password" type of message need to be given. Few will listen, but putting it out there doesn't hurt. We now have what was asked for in the past -- end user systems that have almost no complexity and learning curve. It makes sense that newer generations growing up with this aren't used to files, filesystems, the concept of stored data and so on.

FUD

[speedlaw]

This is silly. Every rental/loaner I've ever had has already five phones paired. I delete everything, and pair mine. When the car goes back I make sure I"ve deleted my profile as well. If you can read slashdot, you can figure this out, be it iDrive, Sync, CUE or AcuraLink. I'd be more concerned with leaving addresses in the satnav...but I blank those too.