It's not just that smart cars' Android apps are sloppily designed and thus horribly insecure; they are also deliberately designed with extremely poor security choices: even if you factory-reset a car after it is sold as used, the original owner can still locate it, honk its horn, and unlock its doors.
Again, this is by design: because auto-makers are worried about lockout and hacks (for example, a valet resetting your car to lock out your app), only the original dealer can sever the car's connection with the cloud accounts of the original owner.
Charles Henderson, the leader of IBM's X-Force Red security division presented on this risk at last week's RSA conference in San Francisco (you can read his essay on the subject here). His ultimate recommendation is this counsel of despair: unless you are very technologically savvy, you should only buy new cars, not used ones.
It's not just cars, either -- the problem extends to smart appliances, thermostats, and other devices. Renting a house, staying in a hotel room, or buying a house without replacing its appliances and HVAC systems also exposes you to risks from the previous users of the devices in it.
When Henderson approached car makers about letting car owners wipe apps, companies were concerned about people not being able to do it properly.
“The explanation we were given was fear of user error,” he said. “But a pin system for reset or an authentication-required reset system would be my suggestion.”
Reselling connected devices causes problems beyond the used car lot. Selling homes with connected devices can be a security issue, too. Security cameras, smart fridges, and smart lights can all retain the previous owner’s data.
An IoT Love Story: Always Apart, Never Disconnected
Why buying used cars could put your safety at risk [CNN]
The Boeing 737 Max is out of service around the world, following a fatal crash of an Ethiopian Airlines and an Indonesian Lion Air flight and there is intense investigation and speculation as to the cause of the crash.
Willie Cade's grandfather Theo Cade was one of John Deere's most storied engineers, with 158 patents to his name; he invented the manure spreader and traveled the country investigating stories of how farmers were using, fixing, modifying and upgrading their equipment; today, Willie Cade is the founder of the Electronics Reuse Conference, having spent a […]
Some 1,600 people were secretly livestreamed while staying in South Korean motel rooms where cameras had been hidden by criminals who operated a 4,000-user service for voyeurs, where a $45/month upcharge bought subscribers the right to access replays and other extra services.
Got a vision to put on film? The Film & Cinematography Mastery Bundle shows you how to put it there, with classes covering gear, lighting, production – even marketing. Even in this age of indie cinema, filmmaking can seem like an exclusive world for the chosen few. But with the right eye – and the […]
If you’re into tech at all, you should definitely consider unleashing your inner tinkerer on a Raspberry Pi board. If you’re intimidated, don’t be. It’s a statistical probability that people half your age have created cooler things than you can imagine with the versatile kit. Not sure where to start? The Complete Raspberry Pi 3B+ […]
Are you super organized? You’re going to love the Genius Pack G4 and its seemingly limitless, well-placed compartments. Not that organized? You’re still going to love this piece of luggage because it’s so well thought out that it practically does the packing for you. We’ve all tried to stuff a piece of carry-on so full […]