Couple of months prior, I read an article on Mozilla, where they did a research on automakers and found none comply to good privacy measures. I am planning to buy a used car. I want to know how the data is collected and transmitted.
The car comes with a connected app though I am not planning to use it. It also has apple car play and android auto. Should I use those? The article states some manufacturers even records sexual activities. How are they transmitting these informations? Through connected phones?
My use is fairly basic, I want to use the Bluetooth audio system in the car for listening to music on my phone. I use maps on my phone.
What about car servicing? Can they access stored information?
The people saying it uses your phone’s Internet connection are incorrect. The vehicles have built in cellular modems and connect directly. The OEMs negotiate cellular contracts to provide service in their vehicles with ATT, Verizon, etc.
Features like remote locking/unlocking, etc. would not work if it relied on being connected to a phone.
There was a Defcon talk a few years ago (oh god it was 8 years ago) where someone found a way mess with Chryslers because they were all on the Sprint wireless network. Things like lock out the physical controls on the radio then max out the volume, or turn it into a GPS tracker, or disable the brakes! The cars had some service listening on port 6667, there was no way to stop them from accepting malicious connections so Sprint just blocked all traffic on that port on their network at the request of Chrysler. The speaker mentioned they were sorry if you were unable to use IRC any more on Sprint wireless.
DEF CON 23 - Charlie Miller & Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle