It's not just that smart cars' Android apps are sloppily designed and thus horribly insecure; they are also deliberately designed with extremely poor security choices: even if you factory-reset a car after it is sold as used, the original owner can still locate it, honk its horn, and unlock its doors.
Again, this is by design: because auto-makers are worried about lockout and hacks (for example, a valet resetting your car to lock out your app), only the original dealer can sever the car's connection with the cloud accounts of the original owner.
Charles Henderson, the leader of IBM's X-Force Red security division presented on this risk at last week's RSA conference in San Francisco (you can read his essay on the subject here). His ultimate recommendation is this counsel of despair: unless you are very technologically savvy, you should only buy new cars, not used ones.
It's not just cars, either -- the problem extends to smart appliances, thermostats, and other devices. Renting a house, staying in a hotel room, or buying a house without replacing its appliances and HVAC systems also exposes you to risks from the previous users of the devices in it.
When Henderson approached car makers about letting car owners wipe apps, companies were concerned about people not being able to do it properly.
“The explanation we were given was fear of user error,” he said. “But a pin system for reset or an authentication-required reset system would be my suggestion.”
Reselling connected devices causes problems beyond the used car lot. Selling homes with connected devices can be a security issue, too. Security cameras, smart fridges, and smart lights can all retain the previous owner’s data.
An IoT Love Story: Always Apart, Never Disconnected
Why buying used cars could put your safety at risk [CNN]
First American Financial Corp is a Fortune 500 company that insures titles on peoples' property; their insecure website exposed 885,000,000 records for property titles, going back 16 years, including bank accounts (with scanned statements), Social Security numbers, wire transaction receipts, scanned drivers' licenses, tax records, mortgage records, etc -- when notified of the error, the […]
A new study reported in Nature (Sci-Hub mirror) tracks down the origins of the mysterious rise in CFC-11, a banned ozone-depleting greenhouse gas whose rise was first reported a year ago, and blames the increase on manufacturing in eastern China.
Mark Zuckerberg offered to let Chinese premier Xi Jinping name his firstborn (seriously), Apple purged the Chinese App Store of privacy tools at the request of the politburo; Google secretly built a censoring search-engine for use in China, but America's Big Tech companies are sounding the alarm that they will no longer be able to […]
If you’re into tools or gadgets, Memorial Day weekend is your Christmas. Take an extra 15% off the final price of these DIY accessories – all of which are already on sale – by entering the promo code WEEKEND15. LUXJET Universal 24-in-1 Magnetic Screwdriver Set & Repair Kit This small but sturdy kit won the […]
If you can build a cloud infrastructure, you can build a business. Companies are overwhelmingly turning to cloud computing to set up or bolster their network, and it’s easy to see why. It allows on-demand access to processing power, a la carte services, and nearly unlimited storage, all without adding extra systems and the maintenance […]
Does your gaming setup need an upgrade? No need to wait for Christmas. We’ve rounded up the latest tech accessories for your favorite video game platforms. All of them are already sale priced, but you can knock an additional 15% off the final price for Memorial Day by using the online code WEEKEND15. Audeze Mobius […]