It's not just that smart cars' Android apps are sloppily designed and thus horribly insecure; they are also deliberately designed with extremely poor security choices: even if you factory-reset a car after it is sold as used, the original owner can still locate it, honk its horn, and unlock its doors.
Again, this is by design: because auto-makers are worried about lockout and hacks (for example, a valet resetting your car to lock out your app), only the original dealer can sever the car's connection with the cloud accounts of the original owner.
Charles Henderson, the leader of IBM's X-Force Red security division, presented on this risk at last week's RSA conference in San Francisco (you can read his essay on the subject here). His ultimate recommendation is this counsel of despair: unless you are very technologically savvy, you should only buy new cars, not used ones.
It's not just cars, either -- the problem extends to smart appliances, thermostats, and other devices. Renting a house, staying in a hotel room, or buying a house without replacing its appliances and HVAC systems also exposes you to risks from the previous users of the devices in it.
When Henderson approached car makers about letting car owners wipe apps, companies were concerned about people not being able to do it properly.
“The explanation we were given was fear of user error,” he said. “But a pin system for reset or an authentication-required reset system would be my suggestion.”
Reselling connected devices causes problems beyond the used car lot. Selling homes with connected devices can be a security issue, too. Security cameras, smart fridges, and smart lights can all retain the previous owner’s data.
An IoT Love Story: Always Apart, Never Disconnected
Why buying used cars could put your safety at risk [CNN]