ADVERSARY TECHNOLOGY: Washington Post Hacked into a Chevy Volt to Show How Much Cars Are Spying on Their Owners.
For now, exactly what information goes where is a bit of an unknown by anyone other than the automakers themselves. As Fowler writes, “My Chevy’s dashboard didn’t say what the car was recording. It wasn’t in the owner’s manual. There was no way to download it.”
To figure this out, Fowler had someone hack into the Volt. He discovered that the car was recording details about where the car was driven and parked, call logs, identification information for his phone and contact information from his phone, “right down to people’s address, emails and even photos.” In another example, Fowler bought a Chevy infotainment computer on eBay and was able to extract private information from it about whoever owned it before him, including pictures of the person the previous owner called “Sweetie.”
While GM was the subject of Fowler’s experiments, it’s not the only company collecting data on its drivers. In 2017, the U.S. Government Accountability Office looked at automakers and their data privacy policies and found that the 13 car companies it looked at are not exactly using best practices. For example, while the automakers say they obtain “explicit consumer consent before collecting data,” the GAO says they “offered few options besides opting out of all connected vehicle services to consumers who did not want to share their data.”
h/t GR