Connected Car Data Handover Headache: There's No Quick Fix... and It's NOT Just Land Rovers
Who has the keys to your car?
The perils of previous owners retaining unfettered access to the data and controls of connected cars after resale is a wider problem across the industry, The Register has discovered.
We have confirmed that BMW, Mercedes-Benz and Nissan may all have much the same issue as Jaguar Land Rover, the focus of our recent article on the topic.
Reg reader Howard B told us that BMW showed indifference when he pointed out that he was still connected to one of its vehicles even after he sold it on.
"I was still able to unlock and lock a previous vehicle I had owned, flash the lights, start the ventilation, etc, and see where the car was parked," Howard told us. "Dealers should be making sure that the car is registered to a connected app account in their name so that the vehicle is no longer on a private individuals account."
Howard B said he was able to access this data for "at least" six months after the vehicle was sold on, and noted that if he'd been of a dishonest nature he could have used the information for dastardly means.
The car is now connected to another person's drive account but Howard said when he raised the concerns with BMW Connected services and the dealership, "they weren't interested".
In response to an El Reg query, BMW offered an explanation of its connected car procedures. Drivers selling on internet-enabled BMWs should disconnect themselves from the car before a sale. This will happen anyway once the new owner hooks up to with a BMW account, the car maker said.
The customer need[s] to delete the mapped profile online at the ConnectedDrive account. Customers can delete the mapping via the Head-Unit and get a notification to delete the data online at the ConnectedDrive account as well.
Once a customer connects the car with a new ConnectedDrive account, all previous connections will be deleted.
New BMW owners are in a better position than newly minted Jaguar Land Rover owners, who are unable to evict the previous owners from access to the data and controls of connected cars simply by connecting themselves. Unlike BMW's situation, dealer action is needed in the case of JLR. Our tipster is nonetheless dissatisfied with BMW's approach.
"The vehicle is deleted from a previous owner's connected drive account when a new owner adds the vehicle to their account, but if that new owner is not a technology type of person or does not know about apps then it will stay on the previous owners account," Howard pointed out.
He added that BMW's approach relies on everyone following the car maker's guidelines, a common criticism among several drivers we've spoken to about the topic.
Beep Mercs the spot...
Owners of other brands of connected car are also affected by much the same issue. Chris Rogers, a US-based hacker and transportation security expert, told The Reg it took a call to Mercedes-Benz to remove the previous owner's info from a recently acquired second-hand S550.
We've also heard of someone who sold his previous car through a main dealer in the Netherlands more than a year ago but still has remote control over it, as previously reported.
Our initial article prompted further examples from Reg commenters.
"HWwiz" told us the JLR issue also affected newer Mercedes from approximately 2014 onward.
"If the last owner does not log in online and remove the car from their Mercedes Me account, then they can continue to remotely monitor the car, lock / unlock doors, etc," our contact said.
"Non-Mercedes dealers have no control over this, whereas main dealers can terminate the accounts during re-sale."
In a statement, MB placed the onus on previous owners to un-register themselves when connected cars are re-sold.
Since Mercedes-Benz is not always aware that the vehicle is sold we cannot proactively deregister the vehicle from the Mercedes me account. The new owner always has the ability to visit an official Mercedes-Benz dealership to have the vehicle deregistered and registered to his own account.
The issue of who controls the data on connected cars is a topic that also affects drivers of mainstream motors as well as luxury brands. Volvo, Nissan and possibly other brands such as Renault also seem to be affected.
Reg commenter "clhking" told us: "Our Volvo bought from a Volvo dealership was not unbound. But the subscription to Volvo On Call [had] expired. So the previous owner would have had to pay to retain access to our car. When I called to activate our account the VIN (vehicle identification number) was still bound to the previous owner."
The Register asked Volvo if it had anything to say about the implied criticism that its procedure for selling on connected cars fails to block access to sensitive information and controls from previous owners. The car maker, which offered to help our reader, said that app unbinding was part of its resale process.
The comprehensive process covered under the Volvo Selekt approved used car programme does include a check that the previous owner has deactivated their links to the car.
UK infosec researcher Scott Helme told El Reg that he could access his Nissan Leaf connected car "for months" after he sold it on.
It's like selling your phone
Used connected cars need disconnecting, as UK government cyber assurance agency NCSC pointed out after our initial report. Consumers have got used to the idea of factory resetting their smartphone before selling it on. Cleaning out a car before resale is a well-understood practice but this applies only to the contents of a glove box and not to the data a connected car holds, which can include sensitive travel movements, other information and more.
"Users are also familiar with the concept of a phone having and storing personal data [but] not with a car," Helme told El Reg.
Other security researchers we've spoken to faulted car makers for failing to think the issue through when they rolled out the technology. The problem is not as simple as it might appear. One solution, such as having a button inside held for 10 seconds to disassociate the old owner from the system, for example, could inadvertently help car thieves.
One Reg reader, "macjules", said Tesla had come up with an example others might want to follow. "All they need is a functionality similar to Tesla. Go to Backup and Reset and select Factory Data Reset. Car is completely reset and new user can register."
El Reg attempted to confirm with Tesla that this was how its system worked but we've yet to hear back. Security consultants with experience in connected cars expressed interest in the approach without endorsing it.
Although most respondents were critical of car makers in general, one reader countered that calls for automated connected car disassociation-on-sale functionality were unfair to car makers such as JLR.
"LeeE" said: "This is an unreasonable demand to make of JLR because any such automatic bullet-proof method would be dependent upon a similarly bullet-proof system/process whereby JLR is informed of the sale of any of their vehicles, including private sales."
In general, problems arise when the seller of the vehicle fails to un-register their old account/vehicle association when they sell it. The situation is further complicated by the fact that it may not be the most recent seller but someone a few owners back that needs to have their access curtailed.
"It is the responsibility of the previous customer to disconnect and owners of cars with this tech will need to get used to checking their purchase has indeed been disconnected," as one anonymous (coward) comment put it.
Car makers typically run the apps and manage the servers through which connected car services are delivered, making them "data controllers" under the General Data Protection Regulation. They are certainly data processors because they process personal information about owners and drivers of their cars. This could come to present legal peril for JLR and others.
Specialist IT solicitor Dai Davis has told El Reg that Jaguar Land Rover may run into GDPR regulatory issues over its role in the data held by connected cars and their resale. The same legal reasoning would apply to other car makers following the same practices.
It could be that the telematics service platform (TSP) providers are at minimum partially culpable. "The TSP providers behind it all haven't really figured out the problem properly," one leading security consultant told El Reg. TSP firms such as CloudCar (strategic partner to JLR in the development of cloud-based infotainment), Kuantic and Harman (the Samsung-owned infotainment and connected car partner of BMW) work with a variety of car makers.
El Reg asked CloudCar and Harman to comment on whether they might be doing more to resolve the present situation around the sale of connected cars. We'll update this story as and when we hear more.
At the suggestion of Volvo we also contacted the SMMT (The Society of Motor Manufacturers and Traders, a UK auto industry trade body) for comment. SMMT argued that although car makers have a responsibility for data processing, consumers also have a role to play by getting into the habit of removing their data and dissociating their smartphones when they sell on their connected cars.
Mike Hawes, SMMT chief executive, said: "Car manufacturers take privacy extremely seriously and customer consent underpins all personal data processing. While industry is committed to upholding a high level of customer data protection, including proportionate use of data, modern cars need to be treated the same as other connected devices.
"Owners should remove their digital information, and disable any associated online account, before selling a vehicle to another keeper. Personal data, including apps and paired mobile phones, can be removed from cars according to individual manufacturer instructions, giving peace of mind to motorists."
That approach may seem fair enough but it still throws up problems. For example, commenter "andymcp" reports getting test messages about a car he'd sold on even though he'd disassociated his mobile from the motor and uninstalled the app.
"Having been through the process of unlinking a car during a private sale (not JLR), even if the app has an 'end ownership' option, it also likely comes with an in-car registration that's entirely separate," he explained. "Hence you still get phone calls when the new owner sets the alarm off. Or reinstall the app after getting an alarm notification call to find it's been happily collecting data attributed to you for months. Or have a few buttons that offer you the chance to remote unlock, remote start, remotely activate the alarm, send destinations..."
Is it realistic to expect buyers of second-hand cars to know if the car has been connected? The response from the car industry has been to put the onus on the previous owner to delete data while minimising the role of auto manufacturers to come up with a well thought through process and for dealers to enforce it.
"When I buy a car, I want to be able to make sure MYSELF it is no longer accessible to previous owners, not rely on their goodwill or attention to detail," IT worker Mike Walters told El Reg, summarising the feelings of many drivers we've spoken to about the issue.
- Sales Manager (IT Managed Services)
- Up to £80,000 Base + Double OTE
Sales Manager (IT Managed Services) Ref BD7627 Salary: Up to £80,000 Base + Double OTE A great opportunity has come up for a Sales Manager to join a fast-growing IT infrastructure provider to manage their north west-based new business sales team. The Sales Manager will be responsible for leading an enterprise new business sales team who will be bidding and winning new business within the North West region. Skills & Experience required: Direct sales experience in the telecommunications/technology sector. Strong leadership/team skills and a positive track record in executing sales process & strategies and coordinating among internal and external stakeholders. Strong understanding of IT managed services such as Cloud, Cyber Security, Telecommunications (WAN/MPLS/SDWAN etc.) & Unified Communications. Have a team player attitude as well as being able to manage. Sales Manager Jobs, Telecoms Jobs, Telecommunications Jobs
- Security Overlay Specialist, Presales Consultant
- Up to £80,000 plus 25% Commission and benefits
RA7291 Location: South East Salary Up to £80,000 plus 25% Commission and benefits Security Overlay Specialist, Presales Consultant A technically minded but sale focus individual is needed to be the Security Overlay Specialist for a global Tier 1 Service provider, Your remit will be to be the technical sales advocate for solutions based on security and Managed Network Services products; proactively working with the Account teams, Marketing Teams, Strategic Partners and key customer prospects directly in the development of pipeline and closure of key deals in this technology domain. They are looking for someone who has the technical networking and security background with the ability to do high-level technical solution design but who enjoys being more sales-focused and is able to help shape and develop deals with customers and work internally in helping to shape and develop the solution proposition Key responsibility will include 1) Technical qualification 2) pipeline generation 3) key deal leadership They are not looking for a hardcore Security Deep Domain expert, more of a global network services generalist with good broad security knowledge and some experience in working on managed UTM and Threat Monitoring services deals, but eager to learn and skill up in this area. Presales Jobs, Pre-Sales Jobs, Overlay Sales Jobs, Cyber Security Jobs, IT Security Jobs
- Presales Consultant (Collaboration)
- £60,000 - £70,000 + bonus + benefits
Presales Consultant (Collaboration) RA7316B Location: London £60,000 - £70,000 + bonus + benefits One of the leading Global Telco’s are looking to expand their Collaboration presales team. The Presales Consultant will be responsible for providing technical guidance to the sales team and Enterprise Customer focusing around Cisco and Microsoft UC solutions. The Presales Consultant will have a good technical and general knowledge of cisco UC and Contact centre solutions and ideally experience to Microsoft Skype for Business and teams, you will be able to translate enterprise customer requirements into functional, effective and appropriate solutions for your customer base. Candidates need to have previous presales experience advising customers on collaboration solutions. You will need experience of doing high level design and presenting these solutions to C-level Executives. (Unified Comms Jobs, Unified Communications Jobs, UC Jobs, Collaboration Jobs)
- Collaboration Practice Lead
- Up to £90,000 + bonus + benefits
Collaboration Practice Lead RA5791 Location: London Salary up to £90,000 plus bonus and benefits Collaboration Practice Lead is required for a global Tier 1 Service provider, you will be part of a global team helping to shape and deliver UC and Contact centre (CC) solution to enterprise clients and select SI partners. Responsibilities include Regular interaction with multi Regional SMEs to understand divergent UC/ CC needs and drive a team of Solution engineers and aid them in review/ approve the functional design, prepare and present customized solutions etc. Support the Proposal team in RFI, RFP and SO Identify desired UC/ CC solution functionality, evaluate alternatives, close gaps with Product. Strong alignment with Various OEMs in Collaboration (Audio, Video, Web and Social) Industry. Ability to work with Engineering, Product and Marketing teams to offer feedback, bridge Gaps and conduct technology sessions and participate in Industry forums representing TCL. Create readily demonstrable demos and develop POCs with prospective customers thereby enhancing Sales Funnel for UCC portfolio. Able to position Hosted Solutions across Contact center, Webex and IPT Solutions against premise setups You will require Proven leadership skills that build relationships with key stakeholders. Ability to communicate effectively and experience in documenting requirements and specifications is essential. Ability to cross-train and mentor associates on UCC technologies and updates Strong Knowledge around SIP, IP PBX, Webex, IPT, Various Video endpoints, interoperability scenarios is desired. Knowledge and experience designing and implementing enterprise room-based and mobile videoconferencing systems Experience with enterprise Cisco voice platforms is required, including Communications Manager, Unity Connection, Cisco Presence, Contact Center Express or Enterprise, Telepresence, Jabber etc Enterprise voice, video, and collaboration architectures including core call processing, voicemail, presence, contact centre, call recording, video conferencing, instant messaging, etc. In depth understanding of high availability design best practices for enterprise voice and video systems Microsoft Skype and teams experience would be beneficial (Unified Comms Jobs, Unified Communications Jobs, UC Jobs, Collaboration Jobs)