The emergence of “connected” vehicles opens the door to possible data collection by digital devices and to attacks by cybercriminals.

Until recently, a house was a safe space. Between the walls of the room or on the sofa in the living room, a person could isolate themselves and enjoy themselves without the hustle and bustle of the outside world. That chimera disappeared with mobile phones. Their infinite scroll, mandatory cookies and a whole arsenal of neologisms assaulted the metaphorical domestic garden and disrupted the notion of leisure. Not only did this bring an end to unproductive dalliance, but it dealt privacy a mortal blow. Later, this peaceful incursion intensified thanks to new devices: smart speakers, cleaning robots and even printers could be uncomfortable guests.

These harmless devices turned out to be a well-organized army: smart televisions, light sensors and even refrigerators can collect information about tenants. This is what Shoshana Zuboff described as “surveillance capitalism”, which has been further explored in different studies. Recently, the cybersecurity company ESET extended these threats to another unexpected place: cars. The emergence of cars with increasingly sophisticated systems can pose risks to the privacy of their users.

A “connected” vehicle, according to the company, could handle gigabytes of information about the driver and passengers. In summary, the picture is this: a modern car helps you choose a route, lets you pick songs effortlessly and find the cheapest gas station but, in addition, it keeps your personal data. Is your own car spying on you? Are you sharing not only your musical tastes, but also your culinary or even sexual preferences?

Could be. As ESET says, some integrated applications could know the name, age and gender of the driver, his or her address, driving mode, daily routes, contacts and even medical data. And they get it easily: users volunteer these kinds of clues through the screens themselves. It is true that “connected” cars serve to improve road safety (they warn about traffic accidents and send alerts regarding vehicle maintenance) and that the cameras and sensors installed in them help with driving, but all this is integrated into the “Big Data” that is distributed among insurance companies, hotels, and restaurants.

Any signal is collected by companies and used to refine commercial campaigns. Depending on the provider’s privacy policy, all the information collected by the car may be accessible to unwanted third parties. Infotainment screens, they explain, work with chips similar to those in computers or smartphones, but they are built to be resistant rather than powerful because they suffer more wear, temperature variations, etc. These chips have the same capabilities as smartphones, further enhanced by applications such as Android Auto and Apple CarPlay.

“Just as your phone monitors app usage, tracking which songs you play, how long you use it, and what holds your attention for longer periods of time, the operating system in cars follows a similar process. Including, for example, recording schedules and the itinerary of each trip that is made,” says Josep Albors, director of research and awareness at ESET Spain.

A report by the company warned that this data could also reach the hands of cybercriminals, although it did not reveal anything new. “Cars collect a lot of information. In some cases they do it with our consent. What can happen is that it falls into the hands of third parties,” says Deepak Daswani. This senior computer engineer from the University of La Laguna, a hacker and cybersecurity expert, explains that firms collect your position, location, the hours at which the vehicle is used, and the songs that are listened to. The problem is that they can go one step further.

“Unless there is an agreement, your data could fall into the hands of cybercriminals,” says Daswani, author of the essay ‘The Hacker Threat’. “It happens when you connect your device to a friend’s controls, to rental vehicles…” he adds. There are ways to avoid or minimize it: “There are several precautions you can take. If you sell it, get rid of everything saved so that no one can access the data; do not use connectivity or share all your data. Do not update the software in case the car breaks down and review and update the privacy conditions. Another important thing is to avoid sharing contacts when you turn on Bluetooth,” he lists. “The less you use, the less exposed you are,” says the expert.

Even with caution, a Mozilla report revealed that most brands did not meet the organization’s security and privacy standards. They collected data on the driver’s sexual activity, race, genetic information and psychological state, to name a few. Such is the concern that, in 2021, the United Nations standard came into force, stipulating that no newly approved vehicle with connectivity can be marketed in the European Union without a cybersecurity certificate. It came into force in July 2022 and from July 2024 all vehicles sold in dealerships as new will have to have it.

To minimize risks, in any case, it would be good to put into practice certain habits: it is important to read the privacy conditions, choose a vehicle that has an encryption system, a VPN or a security chip. In addition, you should factory reset the car’s system before selling it (even asking a mechanic, if necessary), disconnect the phone and delete all data related to its use before returning a rental car, regularly update the vehicle’s software and any related application, review and adjust privacy settings in the infotainment system and associated applications and limit access to sensitive data to only essential functions, as Daswani noted. This is not going to guarantee complete safety, but it helps prevent attacks, which no longer happen just on the street, and have even colonized our bedrooms.
