What To Worry About When Our Cars Are Connected

By on August 12, 2013
Connected Cars

Even if you don’t know realize it yet, connected cars have become a reality.  With systems such as OnStar connected to GM by a cellular connection, or iOS in the Car, which uses your own cell phone to connect to your own cellular carrier, the convergence between the Internet of Things and the real world has already begun.  Due to this, certain privacy issues need to be considered when making use of a connected car, in order to ensure that you only share what you want.

Event data recorders: “Black boxes” on connected cars

Event data recorders are devices embedded in a connected vehicle that functions like a “black box” on an aircraft, except only recording the state of the automobile in the brief window of time before and after an impact.

These devices have been around for quite some time, first appearing in 1990 with the purpose of providing diagnostic information to the manufacturer, though since that time the number of sensors in a car have increased. With the rapid development of cellular technology, it is only natural that event data recorders would make use of such services.

The implications of this are not yet truly clear, and present several unanswered questions in the realm of privacy. Though many owner’s manuals are required to stipulate what sort of data is collected, it is to be expected that many owners would flip through the manual and just get to driving, thus making a driver unaware that every mile could potentially generate vast amounts of data, depending on make and model.

Raising privacy concerns

What follows are two of the most significant questions in regards to connected cars – what sort of information can be gleaned from an event data recorder, and who can access it?

The answer to the first question is that while it can vary by brand, feature set and such, several commonalities can be found – whether seat-belts were used or not, if the airbag was used, the speed of the automobile, information regarding brakes, what the force of the impact was, the angle of steering, and so on – dry, objective data. According to an article in Edmund’s, the event data recorder is unable to tell who was driving, where the incident took place or anything that would likely personally identify the driver or passengers, just the status of the vehicle itself.

As time goes on, sensors will get cheaper, allowing more of them to be embedded within a manufacturer’s fleet at a lower cost. With inexpensive sensors come smaller, power-efficient cellular antennas, such as those used by GM’s OnStar. Originally designed to assist drivers in case of an accident through a voice call to an operator who can connect to emergency services, such services, known generally as eCall, also transmit vehicle as well as location data via cell tower triangulation and GPS. With this information, ambulances would be able to reach the scene of the accident much faster than a dazed driver breathlessly trying to communicate their location to an operator.

To a vehicle owner, such services generally provide peace of mind, but over time, one would have to be concerned about what an eCall service would do when there wasn’t an accident, or if perhaps they wished to discontinue the use of such a service. In the case of OnStar, there already was an answer, albeit one that raised unsettling questions. According to the article in Edmund’s, for a period of time, OnStar stated that even though a customer had ended their subscription, the service would still keep a close eye on vehicle data, and even sell the data to outside entities. It was only through outcry by the public at large and the media that such plans were scrapped.

If an eCall service can read the data from a vehicle even if one no longer subscribes to the service, the last question can be answered, though the response is both positive and negative. It is said that one of the most common responses of lawyers to questions like this is their old refrain – “it depends” – and for the data collected by sensors in a modern automobile, this catch-all is the best answer. Who can access the information depends from state to state, jurisdiction to jurisdiction, though often such information is highly sought after by insurance companies, law enforcement, and naturally, lawyers[2]. Theoretically, data such as that obtained through impartial sensors that dutifully record the state of the vehicle at the time of impact is objective, silent witnesses to a collision.

For consumers, this could prove their case if they were not at fault, though at the same time, the sensors could show that they were negligent if their own statements do not match reality.

Theft and hacking of connected cars

Event data recorders and eCall services are not the only connection to the Internet of Things for vehicles, especially when it comes to integration with smartphones. In a white paper published by the GSM Association, a cellular industry group, cellular integration is projected to be a field of immense growth and opportunity in the near future. In a section entitled “convenience,” certain features are listed that would allow certain functions of the car to be accessible by smartphone. Remotely unlocking a door or finding the location of a car (in the style of Apple’s “find my iPhone”) is well and good, but that is dependent on the smartphone itself. If a car owner either doesn’t put a password on their phone or uses a password that is easy to guess, it would not take much for someone else to surreptitiously take the phone, open the car door and steal whatever valuables they desired, all without a physical key. If the car didn’t happen to be nearby, the thief would just have to use the app to lead it right to the vehicle.

Unless the weakest point in the chain – the smartphone – is secured from the start, or such features disabled, there will be much more than a user’s privacy at stake.

Benefits of connected cars outweigh the risks?

Despite issues like the above, the benefits often outweigh the problems like that described above. In the same whitepaper, the use of cellular technology in vehicles would allow an owner to make use of “Stolen Vehicle Tracking,” or SVT, which would allow an owner to track where their automobile would be in case someone made off with the car itself. This information would then be available to law enforcement to locate the stolen vehicle and catch up to it, possibly even apprehending the thief before they even knew they were found out. If the car owner ensured that they never used the “convenience” features or better yet took steps to ensure the security of their smartphone, then it would be much harder for anyone to maliciously use their investment against them. The Internet of Things is comprised of many types of devices, but one of the most expensive, one’s vehicle, can be protected whilst providing benefits that would have been unimaginable a decade ago.


About Jeremy Dalkoff

Graduate student, Depaul University. I am currently working on a MS in Computer, Information and Network Security at DePaul University, School of CDM

Leave a Reply

Your email address will not be published. Required fields are marked *

eight × 3 =

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>