Welcome to #WeekendWisdom number 47. This week we’re going to talk about how safe are connected cars.
I’m not going to talk about the scary stuff that you see in movies about hackers taking control of vehicles and crashing them and that. No. I’m going to talk about something much more mundane than that.
Why am I asking the question about how safe are connected cars?
There are two stories that I’ve become aware of in recent times, which were quite similar though they were spaced many years apart.
The never ending lease
In the first case, there was a person who had leased a car from a particular manufacturer who had the car for a number years and then handed it back in 2016. Earlier this year (2020) they got a notification from that manufacturer about something to do with their car. And they thought “That was odd. I don’t own that car anymore.” So they thought they’d log into their online account for the car to see if their credentials were still valid. And they were.
They were able to see their car. Could see where it was located. They could turn on the engine. Could turn off the engine. They could open doors. Could lock the doors. So they still had access to their old car. Four years later!
An unexpected long term rental
Similarly another person late last year had rented a car for a period of time and they noticed that the manufacturer of that car had an App. So they set up the App which just needed the VIN number of the car and they were able to control car for the period that they had it rented for. 5 months later they still have access to the car and doing the same things. They could open doors, turn on the engine, etc. They notified the manufacturer about this but nothing had happened.
What do you need to do?
So if you’ve sold a car, traded in a car, gotten rid of a car, rented a car, make sure the damned thing gets reset. That nobody can gain access to your car after the fact.
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.