When Your Used Car Is a Little Too ‘Mobile’ (krebsonsecurity.com)
99 points by Bender on Feb 6, 2020 | 98 comments


The issue here isn't that this guy can see and control the vehicle without the next owner knowing. It's that the entire corporate world and government can see and control the vehicle without the next owner knowing. This is increasingly true across the board, regardless of trim level.

I was excited about Rivian as a family friendly electric vehicle. Then they decided to add Alexa (due to an investment by Amazon) and reminded me why I will likely die driving my 1980s SUV.


They actually admit to it here: https://www.ford.com/help/privacy/

"We also share personal information with... Law Enforcement Agencies, Courts, Regulatory Agencies, and Others. We will [disclose] personal information when we believe that doing so is necessary to... comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies"

That's pretty vague, and inadequate. Basically they will let the cops snoop on you if they say "please"; don't bother getting a warrant first.


Certainly your 1980s SUV is the thing most likely to be the location of your death, unless you’re older than ~70.


Only if your 1980s SUV is capable of reaching speeds that might kill you.

I will simply be maimed horribly and die later in the hospital, screaming "AT LEAST MY DEATH WASN'T TRACKED BY ALEXA".

I am, on balance, comfortable with this fate.

Alexa: His death was, in fact, tracked by Alexa


I’m hearing that last sentence in the voice of the narrator from Arrested Development.


Ron Howard! Director of A Beautiful Mind, Apollo 13, Willow, etc., star of Happy Days, father of Bryce Dallas Howard.

https://www.youtube.com/watch?v=70nqLIj6l_M


And not to forget Opie from the Andy Griffith show


I wish that voice was an option on echo.


The same could be said of any 2020 SUV. Cars are dangerous.


New cars are way safer than the ones from the 1980s, though. In just a risk-minimization strategy I prefer a new car with Alexa over a forty year old car without.

The privacy risk is low with the new one, but the death risk is high with the old one.

Rolled my car and I just crawled out of the wreck and walked away with a mild concussion.


> The privacy risk is low with the new one

Why do you say that? The new cars are constantly sending telemetry to the mothership.


Sorry, using the "risk = probability times damage" meaning here. It doesn't matter so much how much telemetry is sent until that leads to: a) compromising my privacy b) that breach leading to damage to me. I like to threat model things like this, rather than going on a binary scale of threatened/not-threatened and I think there is no threat model that leads to me needing to worry. Of course, if you have concrete information that I am in danger, I will pay you for it.

I rate that as astronomically unlikely, especially since my SSN is out there and I haven't been identity thefted yet despite making half a million a year and having more credit cards than I can keep track of.


I understand. I was just curious because telemetry is an automatic privacy intrusion. The only question is whether or not it exceeds your comfort level. In your case, it does not. That's fair.


Ah, right. I don't see an automated system seeing things about me as an intrusion until it has implications about me. For instance, I imagine if someone dev-nulled all telemetry but still had it running you'd consider it a privacy risk because your private data was exfiltrated but I wouldn't because no action was taken against me on private information.


> I imagine if someone dev-nulled all telemetry but still had it running you'd consider it a privacy risk because your private data was exfiltrated

Yes, this is my perspective. There are two aspects to privacy.

The first is data collection. When data is collected about me or my use of my machines, that is a privacy intrusion regardless of what is done with that data post-collection.

The second is what is done with the data post-collection. In my view, the impact of this is secondary -- how the data is handled post-collection will inform whether or not I'm willing to give consent for its collection in the first place.


You must not be a journalist.

Also, the best way to reduce risk for you would be to let someone else drive.

It takes a LOT to roll a street car these days, holy hell.


Well, if you somehow manage to de-bead a tire it's pretty easy. Maybe he was running from the cops. :)


> Also, the best way to reduce risk for you would be to let someone else drive.

Hahaha, solid bants. I enjoyed that. But given that the Lyft pass is no longer available, looks like I've got to risk my life.

And of course I'm not a journalist, I do mostly productive work.


Journalists (the few real ones who remain) who enable whistleblowers and get killed for doing so aren't doing productive work?

Since you're a fan of the banter - fuck you!


My Uncle drove an 80s Bronco until he died. "They see me coming, they get the fuck out of my way." He wasn't wrong.


Somewhat off-topic, but if you'd like a hardware hack to disable the perpetual vehicle tracking in most modern cars, it's actually a component of OnStar in GM vehicles. BMW Assist and others are patterned off the same technology as it all comes off the boat as a single embedded package from China. It's a cellular modem with a header for your OBD and ECM and data line for your info-tainment. It's NOT built into the info-tainment.

On GM vehicles you're looking for a metal box under the passenger side footwell, about the size of a cable modem. Newer models have it in the trunk on the right or left side. You can remove the box, open it up, and inside will be a riser card with 2 or 3 connectors for a cell antenna. There's no SIM card.

Pull the riser and you won't get any error codes. Confirm the hack by pressing the OnStar button (or whatever your car calls it). It will ring, but no one will pick up.

This will NOT affect your Bluetooth ability OR your backup camera. That's actually part of the infotainment.

This WILL however disable the SOS button and the automated SOS on airbag deployment signal as the riser doesn't exist to make the call.


In your opinion, is this worth doing even if you never signed up, activated, or signed any agreements with respect to on-star?


Not OP, but yes


BMW is also massively insecure. My "secret token" I had to enter on my phone to link it with the car was the VIN number. That number is physically stamped into the engine block and chassis so obviously cannot be changed, even after I sell the car. I also suspect these numbers are sequential. Till this car is scrapped I will be able to locate it, turn on the AC, unlock the doors etc.


On many (all?) modern cars it's also visible at the bottom of driver's side of the windshield. A car's VIN is public information.


I have a small piece of black paper over mine. I am happy to let a law enforcement officer view it if they ask.


Not illegal per se, but you're handing cops PC to enter your car to move the paper and any further evidence of "crime" they can see while doing that is fair game.


I thought about doing that, but if someone wants my VIN, they just have to squat down and look at the VIN that's punched in the frame of my truck.

I haven't checked other vehicles, but I imagine they also have their VINs punched in the frame where it's easily visible.

I don't know if it's against the law to grind that off, but it's probably not against the law to weld a metal plate over it.


> I imagine they also have their VINs punched in the frame where it's easily visible.

It's not always easily visible, but the VIN must be stamped on the major components of the car by law. I believe this means visible from the driver's side windshield, stamped on the frame, and stamped on the major drivetrain components.

> I don't know if it's against the law to grind that off, but it's probably not against the law to weld a metal plate over it.

In my state, it's illegal to do either of those things, but I don't believe it's illegal to obstruct the view of the VIN in a less permanent way.


> I don't know if it's against the law to grind that off, but it's probably not against the law to weld a metal plate over it.

My Jeep has added "frame rust protection" from the factory (Canadian-spec) and I've never been able to find a VIN stamped anywhere on the frame. Apparently the coating covered it. It was a pain in the ass crossing borders in Africa when they didn't want to use the VIN at the base on the windshield.


Not a bad idea. As far as I know it's not required to be visible


What about parking tickets? Do they just leave the VIN# empty or impound your car?


Parking tickets usually go off the license plate, last I checked.

In fact, so do normal tickets, last I checked. My first job was punching in traffic ticket info for the CHP, and I don't recall ever seeing a VIN; just the LP and DL.

This is in the US, though. Other places might have different information tracked on citations.


LA parking tickets have VIN. You obviously cannot have DL on a parking ticket. Here is an example image: https://pci.etimspayments.com/pbw/include/la_sheriff/images/...


> LA parking tickets have VIN.

Noted.

> You obviously cannot have DL on a parking ticket.

Well yeah, obviously. I was talking about tickets in a broader sense, going by forms CHP 215 ("Notice to Appear", i.e. normal traffic tickets) and CHP 281 ("Notice to Correct Violation", i.e. "fix-it" tickets).


Also in the various databases? How does that work?


I believe this is not quite correct, there is an additional step. Once you enter the VIN BMW ConnectedDrive will send a message to the car which you have to retrieve through the iDrive interface before it will 'pair' with online services or the app. You need to have physical access to the car.

And if you sell the car and it is added to another ConnectedDrive account (or BMW mark it as sold) it disappears from your dashboard and you need physical access again to add it.


It's not strictly sequential, but it is easily guessed if not sequential. The first portion is manufacturer's information, and then the last 6 are a serial number of final assembly (generally speaking)

VIN Card [big pdf]: https://www.genuinegmparts.com/src/pdf/resources/1960-2020_V...


I'm curious, would it be possible for a malicious person to create a bunch of VMs running the app and brute force VINs to get access to thousands of vehicles and do things all at the same time?

As it is, it already sounds like a thief's dream: no special, suspicious tools required: just a burner phone with an app, walk up to a car, enter the VIN, unlock doors, steal stuff.


VINs roughly follow patterns, so if you know one, you can figure out many other cars with very little brute force effort.

vinwiki probably has a guide explaining them somewhere if you search



Yes, but:

- at least in Germany, you have to give physical signature at the dealer to sign up for CarData

- you need to give consent to every third party in order for them to access the data

- to have the car linked to CarData, you have to get in the car, turn the ignition on, receive the activation code which is displayed on the infotainment, and type the code back into the CarData platform
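
The activation step in the list above (a code shown inside the car and typed back into the platform) is what keeps a VIN from working as a credential. The sketch below is an added example, not BMW's or Ford's code and not from the thread: `PairingService`, its method names, the 8-digit code, the TTL and the attempt limit are all assumptions for illustration, and it also models an in-car reset that revokes every linked account.

```python
import hmac
import secrets
import time

CODE_TTL = 300    # assumed: seconds an activation code stays valid
MAX_ATTEMPTS = 5  # assumed: wrong codes tolerated per pairing request


class PairingService:
    """Toy backend. The VIN only names the car; it is never the credential."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # (vin, account) -> [code, expiry, attempts_left]
        self._tokens = {}   # vin -> {account: token}

    def request_pairing(self, vin, account):
        """Create a one-time code. The return value models what the backend
        pushes to the car's display; the requesting account never receives it."""
        code = f"{secrets.randbelow(10**8):08d}"
        self._pending[(vin, account)] = [code, self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def confirm_pairing(self, vin, account, typed_code):
        """Return an access token if the typed code matches, else None."""
        req = self._pending.get((vin, account))
        if req is None:
            return None
        code, expiry, _ = req
        if self._clock() > expiry:
            del self._pending[(vin, account)]
            return None
        if not hmac.compare_digest(code.encode(), typed_code.encode()):
            req[2] -= 1
            if req[2] <= 0:  # stop online guessing of the 8-digit code
                del self._pending[(vin, account)]
            return None
        del self._pending[(vin, account)]
        token = secrets.token_urlsafe(32)
        self._tokens.setdefault(vin, {})[account] = token
        return token

    def authorize(self, vin, account, token):
        """Check a remote command (locate, unlock, start) against live tokens."""
        stored = self._tokens.get(vin, {}).get(account)
        return stored is not None and hmac.compare_digest(stored.encode(), token.encode())

    def master_reset(self, vin):
        """Triggered from inside the car: revoke every account and pending
        request for this VIN. Returns how many accounts lost access."""
        revoked = len(self._tokens.pop(vin, {}))
        for key in [k for k in self._pending if k[0] == vin]:
            del self._pending[key]
        return revoked


def demo():
    svc = PairingService()
    vin = "TESTVIN0000000001"  # constructed placeholder, not a real VIN
    # Previous owner pairs while sitting in the car and reading the display.
    seller_token = svc.confirm_pairing(vin, "seller", svc.request_pairing(vin, "seller"))
    # Someone who only read the VIN through the windshield cannot see the code.
    svc.request_pairing(vin, "stranger")
    stranger_token = svc.confirm_pairing(vin, "stranger", vin)
    before = svc.authorize(vin, "seller", seller_token)
    revoked = svc.master_reset(vin)  # new owner resets the car
    after = svc.authorize(vin, "seller", seller_token)
    return stranger_token, before, revoked, after


if __name__ == "__main__":
    print(demo())
```
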


Also visible through the windshield from the outside.


>Can unlock the door.

>Visible through the windshield

Interesting.


In my area, the VIN is also easy to find with just a name from the public-facing tax property website.


So wait, if I see a new BMW, all I need to do to break in is download the app and put in the VIN?


I'm thankful our 2004 & 2002 cars are as free of "smart" as they are. They're aging out on us and we've been looking at replacements; the used market is contaminated with screens and systems that we DO NOT WANT.

I wonder how difficult it will be to strip all that shit out when the time comes. What's going to have to be stubbed out or emulated to make the car run and how difficult will that be? Are we looking at things like people rolling their own EverQuest shards yet?


Cars manufactured starting May 2018 must have backup cameras, so chances are whatever car you get will also have infotainment and other features. Maybe there are a few cars that have a pop-up screen or something similar that is only used for backup.

https://en.wikipedia.org/wiki/Backup_camera#Mandates


Part of the reason I've been learning about embedded systems is so I can take these sorts of things into my own hands. I do not want a car with WI-FI, and I especially don't want it attached to anything that makes my car move (or stop).


FWIW we just bought a 2012 model European car, and it's nicely free of all this infotainment systems crap.

I believe Dacia will still sell you a car like this in 2020. Maybe there is a US equivalent, but I don't know.


Yeah, I really don’t like anything newer than 2009 in terms of the electronics integrations.

My next purchase, I am considering either a 2008 Lexus GX470 or a Tesla Model Y.


The master reset and much, much more is actually detailed in their privacy policy:

https://www.ford.com/help/privacy/

"Performing a Master Reset returns the vehicle’s modem to the factory settings and removes any imported personal data like cellular phone contact lists, names of paired devices and/or connected networks. Master Reset also disconnects modem-equipped vehicles from any FordPass / Lincoln Way accounts. See 4 above. Deleting the FordPass/Lincoln Way app from your device will not disable data sharing.

PERFORM A MASTER RESET:

BEFORE SELLING OR TRANSFERRING OWNERSHIP

AFTER PURCHASING OR LEASING A PRE-OWNED VEHICLE

BEFORE AND AFTER RENTING A VEHICLE FROM A RENTAL COMPANY "


People are now beginning to realize that cellphones send out too much data. Well, modern cars are far worse. Do you know that some of them have weight sensors in seats? Do you know that they send this info out? On your phone, you at least have some control. You have zero control over your car's cell connection. I'm not even sure you can disable over-the-wire updates.


Pull the SIM card, or if it's an eUICC cut the trace. Yank the antenna wire, cap it with a terminator. Cut the module off the bus if you feel like pulling the fuse isn't enough.


Would the car detect the tampering and refuse to operate? Seems like there is a fair argument to be made for that by car manufacturers in the name of safety.


While totally possible I've never heard of such a thing actually happening. Tearing out the OnStar module on Chevrolets has been done by people with a specific mindset for a long time. What's kinda neat is that if it does still work after tearing out the module it should continue to work forever because you just ripped out the update mechanism. Assuming you don't go to the dealer for service of course...but who does that?


Agree, and if I may add, I think cars are worse because their primary function (transport) hasn't changed nearly enough compared with that of phones (voice calls into computation/information-at-fingertips). Therefore, it's harder to justify the same exponential increase in complexity and 'smart'. Maybe OTA hardware tuning ala Tesla will prove me wrong in the future...


Fun fact: Nissan Connect, which allows you to track, start, stop, lock, unlock, trigger horn, and toggle headlights is also massively insecure. In order to gain control of a Nissan Connect-enabled car, you need to know the VIN of the car and the name of the person to whom it is registered.

Most of the time those details can be found on the internet, but if you're reasonably motivated you can find the VIN visible on a car's dashboard and probably find the owner's name in their mailbox.

If you own a Nissan, register your car in Connect, or someone else will!


Helpfully, my state will allow you to search tax records by VIN or name.


I learned long ago never to trust dealerships to do what they say they will, unless I see them do it.

When I traded in a car, among other things I signed was a release of liability for the DMV. They claimed they would submit it.

They never did. 3 months later the DMV called asking about the lack of insurance for the car. I told them what happened, and they said it's common for dealerships to never send in this paperwork. So, yeah, lesson learned. I can't imagine what a pain in the ass this would have been if the car were involved in an accident.


> I learned long ago never to trust dealerships

I traded in a car in Houston and the employees of the dealership (an actual big-name dealership, not some guy selling cars on his lawn) took it on joyrides for a week blowing through tolls.

I found out when I got a letter in the mail from the Harris County Toll Road Authority with a bill and photos of my old car zipping through the barriers.

I called HCTRA, and they were super nice about it, cancelled the fees, and said it happens all the time.


Ford (and other manufacturers) need to own the reset process. There's no way you can rely on car dealerships to do this.

https://www.fi-magazine.com/311144/but-the-dude-can-sell


How would manufacturers know when cars change hands?

Sure, in the example in the article, it was a lease that was turned in to a Ford dealer. But I've sold cars by handing my keys and a title to an individual who handed me money. The manufacturer of the car was not involved in the transaction.


> How would manufacturers know when cars change hands?

The same way that every single marketing company, bank, finance and insurance company does. It's public information.


That might be a good 90% solution - car registrations are public records, which tons of companies harvest, which is why you get those annoying extended warranty junk mailers, etc.

Not all cars get registered though - some are chopped for parts (in which case that infotainment system might live on in another car), some are shipped internationally to be re-sold elsewhere, etc.

And there could be a lot of lag - some cars languish on dealer lots, get auctioned, languish on another lot, get auctioned again, etc. Or a dealer might like your car and slap dealer tags on it and keep it essentially as his personal vehicle for a while without registering it.

Lots of little opportunities for data to leak or remote functionality to be abused. There ought to be a complete, no-joke, absolutely reset everything in the car (and expire any remote access tokens) option in the car itself, that either a buyer or seller can easily invoke.


Yikes. This is a serious safety issue. Imagine if this wasn’t an EV, and someone started a car while in the new owner’s garage.


Can you start an ICE vehicle remotely? I thought it was mostly an EV thing, some people have aftermarket kits.


> Can you start an ICE vehicle remotely?

With a keyfob for decades, and with an app for years. It's virtually standard equipment in certain states, along with plug-in engine block heaters.

> I thought it was mostly an EV thing

A guy at work likes to start his massive Ford Raptor with his phone at the end of the day and set off the alarms of the cars he's parked between.


Do we work together? (I'm assuming not.) Some guy where I work does the same thing, same truck. Usually he's still thousands of feet away when he starts it too, maybe even still in the office.

Or maybe it's just a Houston thing.


I'm not in Texas. I think it's an "I bought a giant truck to carry around six dead leaves in the back when I go shopping at Target" kind of thing.


> Or maybe it's just a Houston thing.

I'd call it a Ford Raptor thing.


A huge percentage of people that live in the cold parts of Canada have "remote start" on their key fob. Press a button and that ICE fires right up to warm up your cabin, defrost the windows and get the engine warm enough.

They usually have some kind of hardware interlock to make sure the transmission is in park and the hand brake is on.


FWIW remote start is not allowed in Europe, so in the northern areas cars come with separate units that generate hot air from a heat exchanger connected to a small chamber with a flame burning the fuel.


People in the warm parts of Canada do this too, nowadays. It's kind of weird to be riding along the road at 5 C and see all these empty cars idling on the side of the road.


I can start my Nissan (not EV) from an app.


Yes, and this is super common.


Fortunately it’s almost impossible to kill yourself by running the car in the garage any more.


You're more likely to survive now, but it's definitely nowhere near an impossibility. There are tons of stories in the news on a regular basis of people who left their cars running accidentally and died of CO poisoning, mostly elderly who likely didn't realize they left it running.

https://www.nytimes.com/2018/05/13/business/deadly-convenien...

Also, catalytic converters don't actually work until they're at operating temperatures.

https://www.abe.iastate.edu/extension-and-outreach/carbon-mo...


Why is that?


Catalytic converters


I always do an infotainment system reset when I rent a car -- both when I start using the car, and just before I return it. I don't know what apps or other data other people synced, and I don't want anything I synced to be available to the next person.

I'd be doubly sure to reset the car at the end of a lease.


I find it more amusing to enter in the address of a local liquor store, then a bar, then a weed shop, a casino, a strip club, a bail bondsman, the local municipal courthouse and finally a divorce lawyer’s offices.


I'll just never use anything other than my phone or CarPlay.


First thing I do in any rental car is turn off any remote tracking, mobile apps, clear out bluetooth and turn off wifi if equipped.


While always good to turn non-essential features off, this doesn't mean that you can't be tracked. Many vehicles, even if non-rental, now come standard with cellular voice/data connections. GM pioneered this with OnStar in the mid-90s[1], and other manufacturers soon followed. Combined with the "black box" recording of _every_ sensor in your car, there can be some pretty damning evidence against the driver in the event of a wreck, etc.

There are no switches for the driver to disable regarding the data inside your ECU[2], or Event Data Recorder[3].

It's not that you can't get away with anything anymore, it comes down to minor infractions are now enforceable (with the lucrative fines that follow) and that your car can present evidence against you.

[1] https://smart.gi-de.com/automotive/a-brief-history-of-car-co...

[2] https://www.plaintiffmagazine.com/recent-issues/item/beware-...

[3] https://www.jstor.org/stable/26167752?seq=1


Can't you just cut the antenna? Or just improvise a Faraday cage around it.


Good luck finding it. And then, good luck getting to it.


While a pain, it isn't impossible. There will be an FCC ID that it has (due to transmitting/receiving). Based on that device, you at least know what to look for (a PCI card? An entire board? An antenna?).

Since FCC testing is expensive, I would not doubt that many manufacturers just make one card to install into multiple cars (to lower the FCC testing cost). That would be the best case, as all you need to do is find and remove that card.


Instead of doing that, I'd simulate "network loss" by substituting a 50 ohm dummy load for the output antenna. This assumes that it is a connector, not soldered right to the board.

This way, there is no "fault" other than not being in a cellular-coverage area.


That's a good way too. Didn't think of that.


Some cars have a tracking toggle switch. I believe BMW is one such example.


> First thing I do in any rental car is turn off any remote tracking, mobile apps, clear out bluetooth and turn off wifi if equipped.

The first thing I do when I rent a car is adjust the mirrors and the seat, and then get out of the airport as quickly as I can.

I might think about resetting stuff when I get to the hotel, but if I'm renting a car I have better things to do with my life.

I doubt that even 1% of the people in the world reset anything in a rental car. Including people on HN who state that they do. This is why pressure should be put on the rental companies to do this as part of the check-in process.


Rental car GPS is pretty much one of the few tracking things I actually want to be there. It makes my rental MUCH cheaper and road help much better. If you need to hide from the radars, choose another method of transportation.


I once turned off remote tracking on a Turo I rented. Within a few minutes I got a text from the owner asking me to turn it back on, pointing out it was part of the agreement for renting the car. I did, but it did make me wonder just how closely I was being watched.


There are enough street labels visible on the map of the car location in the screenshot from the myford site to figure out where that is.

I was kind of surprised the article did not obfuscate that.

It looks like it is at one of these businesses in Milford, CT: Stevens Ford Lincoln, Stevens Ford of Milford, Steven's Collision Center, or Colony Ford.

I wonder if one of those Ford dealers is the dealer that failed to do the reset when processing the lease return?


If it's at a car dealer, I'm not sure there's any need to obfuscate it -- revealing that an off-lease car is on a car dealer's lot is not much of a breach.

If it was in a residential neighborhood it'd be a different story.


Why? For fun, here is a location to a random house in the bay. 37.351019, -122.035565.

Location alone doesn't mean much.


A low tech example, but I bought a used car a couple years ago with navigation and still saved in the system were addresses the previous owner had entered. From this simple list, I was able to determine where they lived, and if I was curious enough the businesses and homes they visited, or at least used navigation to find.



