Tech

Tech Company Says Cars Collect 25 Gigabits of Data per Hour, Making Them Targets for Hacking

Save
Tech Company Says Cars Collect 25 Gigabits of Data per Hour, Making Them Targets for Hacking
A seller shows the dashboard of the Tesla Model S car at the electric carmaker Tesla showroom of El Corte Ingles store in Lisbon, Portugal, on Sept. 1, 2017. (Patricia de Melo/AFP via Getty Images)
Naveen Athrappully
7/17/2023
Updated:
7/18/2023
0:00

Vehicles now collect a vast trove of personal data—from navigation history to text messages—that companies are increasingly looking to monetize, raising concerns about data privacy.

Cars today are like smartphones that have numerous apps connected to the internet which collect and share large amounts of data. Most owners do not know the amount of personal data that their vehicle collects and transmits, who collects it, for what purpose, and how it is used.

According to Privacy4Cars, a tech firm that aims to resolve privacy issues in the automotive ecosystem, a single modern car can have 60 onboard computers that run about 100 million lines of code and collect 25 gigabits of data per hour.

Andrea Amico, the founder and CEO of Privacy4Cars, told the New York Post there are two main sources of vehicle data. The first is the onboard sensors in the vehicles that collect data from the voice, fingerprints, retina, and iris, among others.

The second source involves various devices that are connected to the car like USBs and smartphones. When connecting such devices to cars, a host of data including text messages, social media posts, and photos can be downloaded.

Among the many pieces of information that are routinely left in car memory are phone books, call logs, passwords, biometrics, text messages, navigation history, home address, third-party apps, vehicle credentials, garage door codes, medical information, and financial details.

A growing number of companies are seeking to gain access to car data. Car manufacturers collect data that are used for maintenance and road assistance. Navigation and in-vehicle infotainment companies have access to data related to driving, music, and third-party applications.

Telecom operators that offer connectivity solutions can collect telematics data from the vehicle. Insurance companies use car data to create insurance products and decide on metrics like premiums and discounts.

The Markup identified 37 such companies that are part of the vehicle data ecosystem.
These include entertainment and navigation services like SiriusXM, Telenav, OnStar, TomTom, and Xevo; insurance companies like Allstate, Geico, Arity, and Farmer’s; telecom corporations like AT&T and T-Mobile; vehicle data hubs like CCC X, High Mobility, and Inrix; and telematics providers like Ericsson, Cambridge Mobile, Munic, Samsara, and Geotab.

Monetizing Car Data

Companies are increasingly looking to monetize vehicle data. In 2021, Ford filed a patent for technology that will display ads inside people’s cars.

An example would be a camera picking up data from roadside billboards while traveling and displaying it on the interior infotainment system of the vehicle, complete with phone numbers and website links, the New York Post reported.

Mr. Amico raised concerns about the “huge push” from the auto industry to turn vehicles into software platforms. “The industry refers to this as ‘the software-defined vehicle,’” he said.

Visitors look at a Tesla Model 3 electric vehicle at the third China International Consumer Products Expo in Haikou, Hainan province, China, on April 12, 2023. (Casey Hall/Reuters)
Visitors look at a Tesla Model 3 electric vehicle at the third China International Consumer Products Expo in Haikou, Hainan province, China, on April 12, 2023. (Casey Hall/Reuters)

Almost all vehicles coming out of factories have telematics, he said. Telematics refers to telecommunication and informatics systems within a vehicle that allows it to send and receive information, something similar to smartphones. Mr. Amico expects the trend to keep growing.

The objective of car manufacturers “is to dramatically expand the already large ecosystem of companies that offer services and subscriptions, and collect, share and sell data,” he said.

Mr. Amico believes “cars will increasingly become a platform to develop insights on consumers, not any differently than laptop and smartphones, but much more insidious and hard to avoid.”

Manufacturers “will add more and more sensors. So, consumers can look forward to more and more surveillance and a continuation of the current lax industry security and privacy practices if nothing changes.”

Hacking Threat to Data

Hacking is another major privacy concern when it comes to car data. According to Privacy4Cars, data privacy and breaches have been the most common cybersecurity threat against automotive companies over the last decade, accounting for 30 percent of such threats.

Car thefts and break-ins came in at the second spot, followed by gaining control of car systems and disrupting services.

As far as car owners are concerned, hackers can make use of software and hardware to gain control over a vehicle, USA Today reported. Bad actors can exploit bugs in software to gain access to the usernames and passwords of apps that allow the vehicle to be unlocked and started remotely.

Criminals can hack into a vehicle’s telematics data, allowing them to pinpoint the exact location of the owner traveling in the vehicle. They can also use exploit kits that utilize the onboard diagnostic ports of cars to replicate keys, as well as program new ones so as to steal the vehicle.

Mr. Amico pointed out that car owners will now have to face “attacks” from two sides. The first will be from “hackers who will be attracted by the increasing amount and value of data that companies in the broad auto ecosystem collect.”

The second will be “regular bad people who will leverage these technologies to stalk, harass, defraud, steal, and harm people.”