Slashdot Mirror
Used Cars Can Still Be Controlled By Their Previous Owners' Apps (wtkr.com)
An IBM security researcher recently discovered something interesting about smart cars. An anonymous reader quotes CNN:
Charles Henderson sold his car several years ago, but he still knows exactly where it is, and can control it from his phone... "The car is really smart, but it's not smart enough to know who its owner is, so it's not smart enough to know it's been resold," Henderson told CNNTech. "There's nothing on the dashboard that tells you 'the following people have access to the car.'" This isn't an isolated problem. Henderson tested four major auto manufacturers, and found they all have apps that allow previous owners to access them from a mobile device. At the RSA security conference in San Francisco on Friday, Henderson explained how people can still retain control of connected cars even after they resell them.
Manufacturers create apps to control smart cars -- you can use your phone to unlock the car, honk the horn and find out the exact location of your vehicle. Henderson removed his personal information from services in the car before selling it back to the dealership, but he was still able to control the car through a mobile app for years. That's because only the dealership that originally sold the car can see who has access and manually remove someone from the app.
It's also something to consider when buying used IoT devices -- or a smart home equipped with internet-enabled devices.
Manufacturers create apps to control smart cars -- you can use your phone to unlock the car, honk the horn and find out the exact location of your vehicle. Henderson removed his personal information from services in the car before selling it back to the dealership, but he was still able to control the car through a mobile app for years. That's because only the dealership that originally sold the car can see who has access and manually remove someone from the app.
It's also something to consider when buying used IoT devices -- or a smart home equipped with internet-enabled devices.
Are the previous owners not breaking the law by retaining such control? When you sell something then you are supposed to give up all interest and rights to it, to do otherwise is an act of conversion
My wife leased a BMW X3 that was a "demo" with 6K miles.
I found that the dealer had not bothered to wipe any info stored in the car's nav/entertainment system.
The nav had all the previous destinations stored.
The radio buttons had been pre-programmed to dial certain numbers and they were still active.
Previous users music was still loaded in memory.
I had to purge all this myself and now have to do it again when she turns in the car because I can't trust the dealer to do it.
I doubt that anyone else really pays attention to this. When I brought it up to the dealer at the first Service interval they just sort of shrugged it off.
Oh, and when we were being "introduced" to the car's tech, the dealer showed my wife how to download their "app".
This consisted of going to a BMW web page and then saving the web page to the Home Screen as a shortcut icon.
When I said that was not an "app", the tech guy just gave me a look.
I like microcars