Privacy Transportation Cellphones Security

Used Cars Can Still Be Controlled By Their Previous Owners' Apps

Posted by EditorDavid from the tooting-your-own-horn dept.
An IBM security researcher recently discovered something interesting about smart cars. An anonymous reader quotes CNN: Charles Henderson sold his car several years ago, but he still knows exactly where it is, and can control it from his phone... "The car is really smart, but it's not smart enough to know who its owner is, so it's not smart enough to know it's been resold," Henderson told CNNTech. "There's nothing on the dashboard that tells you 'the following people have access to the car.'" This isn't an isolated problem. Henderson tested four major auto manufacturers, and found they all have apps that allow previous owners to access them from a mobile device. At the RSA security conference in San Francisco on Friday, Henderson explained how people can still retain control of connected cars even after they resell them.

Manufacturers create apps to control smart cars -- you can use your phone to unlock the car, honk the horn and find out the exact location of your vehicle. Henderson removed his personal information from services in the car before selling it back to the dealership, but he was still able to control the car through a mobile app for years. That's because only the dealership that originally sold the car can see who has access and manually remove someone from the app.
It's also something to consider when buying used IoT devices -- or a smart home equipped with internet-enabled devices.

  • dealership only sales and service coming soon? or should end users have a way to do an full reset for free?

    • Dealerships that tote-the-note are familiar with, and quite fond of, maintaining control of some of the apps on your vehicle.

      If you miss a payment or two, they can (sometimes) use GPS to locate the vehicle, disable it remotely, and activate the horn if the vehicle is being sequestered nearby.

  • This kind of shit is exactly why I wont ever buy a car that has OnStar or any other connectivity back to the manufacturer.

    That includes at least all Buick, Cadillac, GMC, Chevrolet and Tesla vehicles.

    • tesla's are secured. It requires logon/passwd to get the app connected to the car. And upon selling, it will be changed.
      You lose asshole.
  • (FTA) IBM security researcher Charles Henderson:

    “If I was a consumer who was less than tech-savvy, I would probably consider buying new rather than second-hand for this reason,” he said.

  • This article was woefully lacking on information. I didn't know that this was a thing, and I still don't know what manufacturers, models, this is a thing for. Shitty article.
  • Other than Tesla's business software, their car software is majorly secured.
    Past users do not get to do this.
  • Back in the late 1990's, I had a roommate who owned a red Toyota Corolla. After we did some Christmas shopping at a busy mall, we were confused as to where the car got parked. My roommate found a red Toyota Corolla, unlocked the doors with his key, we got in and he started the engine. We immediately knew that something was off. For example, the interior was too clean. My roommate checked the registration to discover that we were in someone else's car. We got out, locked up the car and found his car a few ro

  • Are the previous owners not breaking the law by retaining such control? When you sell something then you are supposed to give up all interest and rights to it, to do otherwise is an act of conversion [wikipedia.org]

