There are two main threats to your security (and your car\u2019s) posed by these high-tech modern vehicles. One is the risk of hackers or thieves making malicious use of whatever vulnerabilities they can find. As far back as 2015, security researchers showed they could hijack control of a Jeep Cherokee<\/a> through its connected infotainment system. Similarly, researchers demonstrated in late 2022<\/a> that a range of brands \u2014 from Ford and Hyundai to Porsche and Ferrari \u2014 were vulnerable to connected attacks. Those were ethical hackers<\/a>, whose job is to find vulnerabilities so manufacturers can fix them. Less-ethical hackers, of course, exploit the vulnerabilities themselves or sell knowledge of them (and sometimes the code necessary to exploit them) to third parties.\u00a0<\/p>\n\n\n\n Overall, though, the biggest cybersecurity threat to your vehicle may come from a second, unexpected source: its manufacturer. <\/p>\n\n\n\n We\u2019ve written before about your \u201cdigital footprint<\/a>,\u201d and how all the things you do online come together to provide companies with information about your preferences and habits. Some of that comes from your online activities, posts, and purchases, but other data is collected by your phone or other devices (that\u2019s why turning off location sharing in your apps<\/a> can be a good idea, for example).\u00a0<\/p>\n\n\n\n Of all your connected devices, only your vehicle rivals your phone as a source of user data. In September of 2023, the Mozilla Foundation (best known for its privacy-oriented Firefox browser) released a privacy analysis of the automotive industry<\/a>, covering 25 brands. It makes for less than comforting reading.\u00a0<\/p>\n\n\n\n All 25 brands failed to meet Mozilla\u2019s minimum standards for privacy and\/or data security (they\u2019re spelled out here<\/a>, if you\u2019re interested). Some of the highlighted concerns include:\u00a0<\/p>\n\n\n\n The sheer range and volume of data collected, from safety data like acceleration and braking to smaller details like <\/p>\n\n\n\n (NB: In a supporting article<\/a>, the Mozilla Foundation detailed well over 150 types of data manufacturers can collect about their drivers.)\u00a0<\/p>\n\n\n\n The report also found that a lack of clear privacy policies, data-use policies, or basic data protection policies plague the auto industry. More specifically, it revealed that\u2026<\/p>\n\n\n\n The report also uncovered a startling lack of transparency regarding cybersecurity and data protection protocols. <\/p>\n\n\n\n All in all, it adds up to show an increased need by the auto industry to take user privacy and protection seriously.<\/p>\n\n\n\n Carmakers have a direct interest in some of the data they harvest \u2014 it gives them useful feedback on how to improve their vehicles and software \u2014 but also generates some extra revenue. Finding ways to monetize that data isn\u2019t really their forte (aside from selling subscriptions for premium features), leading them to partnerships with third parties. <\/p>\n\n\n\n The result of this has been the rise of a whole ecosystem<\/a> of vehicle data hubs built around this data. The car companies provide them both with raw data and inferences drawn from that data \u2014 they might guess your race and ethnicity, for example, from your address, the places you go, and the music you listen to \u2014 and the brokers in turn package that up in a variety of ways for different clients.\u00a0<\/p>\n\n\n\n Some of these hubs use your personal data as-is, obscuring your identity in various ways, while others make a point of dealing only with anonymized data (which has identifiable details scrubbed). Anonymized data is more convenient for the companies involved because there are fewer regulatory constraints around how it\u2019s used. <\/p>\n\n\n\n \u201cSo all of this sounds<\/em> bad,\u201d you may be thinking, \u201cbut what kind of risks am I facing personally?\u201d <\/p>\n\n\n\n Well, there are a number of potential issues (with a varying range in how likely they are to occur). While cars being directly hacked isn\u2019t a common occurrence (for now, at least), malicious hackers could take control of your vehicle, as in the 2015 Jeep hack, or use your car\u2019s cameras and sensors to surveil you directly. Location tracking is a necessity for those frequently using GPS services, but they also open the door for ill-intentioned parties to track your whereabouts through the car\u2019s app, learning everywhere you\u2019ve been. <\/p>\n\n\n\n Then there\u2019s the question of the data that\u2019s been harvested, and how it\u2019s used. Data collection and use aren\u2019t all bad, and in fact, can be used to improve services and marketing. But, because the data that\u2019s gathered is so broad and so deep, it could be seen as a huge bullseye for criminals. The existence<\/em> of such a large and rich data set makes it a mouthwatering target for hackers. The huge quantity of information it represents would make any hack of a carmaker\u2019s systems a massive threat for identity theft. <\/p>\n\n\n\n If this were an article about phone- or computer-related risks, at this point we\u2019d offer up several steps you could take to make your device more secure. Unfortunately, with cars, there\u2019s not a lot you can do. Unlike phones, they\u2019re not meant to be tweaked by their users (in fairness, that would be a massive headache for the carmakers).\u00a0<\/p>\n\n\n\n That being said, there are a few things you can do to make yourself and your car more secure: <\/p>\n\n\n\n Most brands now have an app that links to your car\u2019s infotainment system, and leverages your phone\u2019s capabilities. In the Settings menu of your Apple or Android device, you can look at that app\u2019s permissions and limit them to what\u2019s absolutely necessary. <\/p>\n\n\n\n Aside from improvements and upgrades in the software, updates are often made to patch newly discovered vulnerabilities (like the ones revealed by the researchers we spoke of earlier). This won\u2019t keep your information from the car companies themselves, but reduces your exposure to hackers. <\/p>\n\n\n\n Typing your Vehicle Identification Number into its database<\/a> will tell you what data your manufacturer\u2019s privacy policies and Terms and Conditions allow it to collect, and on what terms. You\u2019ll also get a report of which data hubs they work with, and \u2014 where applicable \u2014 provides you with guidance on finding those companies and navigating their (usually complex) \u201cremove my data\u201d process.\u00a0<\/p>\n\n\n\n Minimize your digital footprint<\/a>, turn off tracking<\/a> on your phone, upgrade your passwords<\/a> (and maybe use a password manager<\/a> to help with that), and use multifactor authentication<\/a> wherever it\u2019s available. None of these steps will prevent<\/em> data collection or identity theft, but collectively they\u2019ll make it harder for identity thieves or anyone else who wants to de-anonymize your data.\u00a0<\/p>\n\n\n\n Similarly, signing up for Spokeo Protect<\/a> \u2014 our identity protection service \u2014 can alert you to identity theft, and, if you\u2019re a victim, offer a suite of protections against its effects. You can also search yourself periodically using our regular name<\/a>, address<\/a>, and phone number<\/a> lookup tools, which can frequently help you spot the common signs of identity theft<\/a>.\u00a0<\/p>\n\n\n\nWhy Carmakers Are a Big Threat to Vehicle Cybersecurity<\/h2>\n\n\n\n
\n
Lack of Clear Policies & Transparency<\/h3>\n\n\n\n
\n
\n
![\"understanding](\"https:\/\/i0.wp.com\/www.spokeo.com\/compass\/image\/eugene-chystiakov-PNyFt-UztfA-unsplash.jpg?resize=1024%2C576&ssl=1\")
<\/figure>\n\n\n\nThere\u2019s a Whole Data Ecosystem Around Cars and Drivers<\/h2>\n\n\n\n
What This Means to You Personally<\/h2>\n\n\n\n
What Can I Do About Automotive Cybersecurity? <\/h2>\n\n\n\n
Reign in the App<\/h3>\n\n\n\n
Always Keep Your Car and Your Devices Updated<\/h3>\n\n\n\n
Use a Service Like Privacy4Cars<\/h3>\n\n\n\n
Level Up Your Own Personal Security Measures<\/h3>\n\n\n\n
![\"\"](\"https:\/\/i0.wp.com\/www.spokeo.com\/compass\/image\/david-emrich-LcSpQ36Q2us-unsplash.jpg?resize=1024%2C684&ssl=1\")
<\/figure>\n\n\n\n