During the development of Privacy4Cars, which is an app designed to help rid modern vehicles of personally identifiable information, Andrea Amico discovered the existence of a vehicle hack that can exploit infotainment systems through the Bluetooth protocol.
The company said Amico, its founder, reported the hack, known as CarsBlues, to the Automotive Information Sharing and Analysis Center (Auto-ISAC) immediately upon its discovery in February and has since worked with the organization on education efforts.
“Now that we have completed our ethical disclosure with the Auto-ISAC, we are turning our focus to educating the industry and the public about the risks associated with leaving personal information in vehicle systems,” Amico said in a news release.
That industry education included a presentation at Used Car Week earlier this month.
“The CarsBlues hack, given its ease to replicate, the breadth of situations in which it can be performed against unsuspecting targets, and the difficulty in detecting the exploitation, is a clear indication that industry and consumers alike need to be proactive when it comes to deleting personally identifiable information from vehicle infotainment systems,” he said.
Privacy4Cars says it may be a good idea for drivers to delete personal data from their vehicles' infotainment systems before anyone else uses the vehicle.
The company also urges the industry to consider a policy on protecting consumer data, perhaps modeled on how the telecommunications industry handles returned phones.
In a news release, the company suggests the consumers most susceptible to this hack are those who have synced their phones in vehicles that aren’t in their control anymore. The net is wide: it includes cars that have been rented, shared, loaned, sold, returned at the end of a lease, repossessed or determined to be total-loss vehicles.
“Additionally, people who have synced their phones and given others temporary access to their personal vehicle, such as at dealerships' service centers, repair shops, peer-to-peer exchanges, and valets may also be at risk for CarsBlues,” the company said.
Privacy4Cars later adds a note indicating that as of mid-November, it “believes that for the many makes, models, and years affected by CarsBlues, deleting the personal data from the vehicle is the most reliable protection. To fulfill its social mission and commitment to vehicle privacy, Privacy4Cars has decided to continue to offer its namesake app available as a free download for consumers on iOS and Android devices.”