The Washington Post hacked into a Chevy Volt several days ago with the help of a automotive technology expert to find out just how much automakers are spying on their owners and discovered that vehicles are recording their owners’ every move.
The Post used a 2017 Chevy Volt for its experiment and learned that the car collected a wide range of highly precise data ranging from the vehicles location to information about the driver’s cell phone, including call records — noting that many vehicles copy over personal data the moment that a smart phone is plugged into the vehicle.
The Post noted that the Chevy Volt did not inform drivers what information it was recording and did not make mention of it in the owner’s manual since there are no federal regulations protecting consumer’s privacy and data from automakers.
The Post went to Jim Mason, who has a PhD in engineering and reconstructs car accidents for a living by hacking into vehicles, for help hacking into the Chevy Volt.
Mason focused on hacking into the car’s infotainment system since it was the easiest computer, out of several computers in the vehicle, to physically get to inside the car.
After having to take a bit of the car apart to reach the computer, The Post found that Chevy collected the following information:
There on a map was the precise location where I’d driven to take apart the Chevy. There were my other destinations, like the hardware store I’d stopped at to buy some tape.
Among the trove of data points were unique identifiers for my and Doug’s phones, and a detailed log of phone calls from the previous week. There was a long list of contacts, right down to people’s address, emails and even photos.
For a broader view, Mason also extracted the data from a Chevrolet infotainment computer that I bought used on eBay for $375. It contained enough data to reconstruct the Upstate New York travels and relationships of a total stranger. We know he or she frequently called someone listed as “Sweetie,” whose photo we also have. We could see the exact Gulf station where they bought gas, the restaurant where they ate (called Taste China) and the unique identifiers for their Samsung Galaxy Note phones.
The Post noted that GM would not reveal what information it was collecting on drivers and that the other computers in the vehicle, including the infotainment computer, collect far more information than what Mason was able to pull up.
The vehicle also collected information on “acceleration and braking style, beaming back reports to its maker General Motors over an always-on Internet connection,” The Post added. “Coming next: face data, used to personalize the vehicle and track driver attention.”
The Post reported that 20 automakers pledged in 2014 to voluntarily adhere to privacy standards that protected consumers privacy by protecting their data — although none of the 20 automakers followed through on their promises.
As 5G cellular technology becomes integrated into cars in the future it will become even more important for Americans to advocate for their privacy rights as China’s potential entry into 5G markets in the U.S. is a significant national security threat for the U.S.
Fears that vehicles could be hacked and taken over by someone outside the vehicle who has a sinister intent are not only legitimate, they are well-rooted in reality because it has happened.
In July 2015, The Washington Post reported on one such criminal instance:
The complaints that flooded into Texas Auto Center that maddening, mystifying week were all pretty much the same: Customers’ cars had gone haywire. Horns started honking in the middle of the night, angering neighbors, waking babies. Then when morning finally came, the cars refused to start.
The staff suspected malfunctions in a new Internet device, installed behind dashboards of second-hand cars, that allowed the dealership to remind customers of overdue payments by taking remote control of some vehicle functions. But a check of the dealership’s computers suggested something more sinister at work: Texas Auto Center had been hacked. …
… Police later reported more than 100 victims and charged a former dealership employee with computer crimes. …
…Widespread hacks on cars and other connected devices are destined to come, experts say, as they already have to nearly everything else online. It’s just a question of when the right hacking skills end up in the hands of people with sufficient motives.
Also in 2015, Andy Greenberg wrote at Wired about how his Jeep was completely taken over by Charlie Miller and Chris Valasek, who hacked the vehicle as part of an experiment to which Greenberg agreed. Greenberg wrote:
I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass. …
… Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
The hackers were able to completely kill the transmission on the vehicle from miles away as it drove on the freeway, which is less than they did to Greenberg two years prior in 2013 when they “disabled [the] brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel” on a couple of different vehicles that they had Greenberg drive.
WikiLeaks released a trove of documents in 2017 that revealed that the U.S. government has extremely sophisticated hacking tools that it can use to spy on people through televisions, smartphones, and even anti-virus software.
“Tucked into WikiLeaks’ analysis of a trove of documents allegedly from the Central Intelligence Agency is a stunning line: That the agency has looked into hacking cars, which WikiLeaks asserts could be used to carry out ‘nearly undetectable assassinations,'” The Washington Post reported.