Drivers urged to delete sensitive information or face data risk from connected cars
Drivers have been urged to ensure they delete all the personal data collected by their cars or risk their details falling into the wrong hands.
Most modern cars feature a huge array of “connected” features, which gather information about the car and driver and cover everything from vehicle performance data to navigation information, where a person lives and works and even music preferences.
Such systems mean drivers and passengers have a host of personalised features to make their experience smoother and more convenient but they also mean that vehicles contain a huge amount of sensitive data that could be exploited.
Now, leasing giant Select Car Leasing has warned motorists to delete all their data before they sell or swap their vehicle.
Graham Conway, managing director of Select Car Leasing, said: “Modern cars collect and retain a lot of data, especially on infotainment systems. This can include contacts, home addresses and even bank and credit card details linked to software such as Apple Pay or Google Pay.
“Not only could this potentially sensitive information be easily accessed by the new owner of the vehicle, but also total strangers if they decide to sell the infotainment system. So I would urge drivers to carry out a factory reset of anything that can collect data before handing over the vehicle to make sure it’s all wiped clean.”
“Connected” cars operate much like smartphones – collecting information about the owner and their habits in order to improve the user experience. Many require an app to access all of the features, while further preferences and habits can also be harvested when you visit a manufacturer’s website or interact with them on social media. Phone calls, live chat and correspondence through third parties such as finance companies are also registered.
Vehicle manufacturers go to great lengths to protect this, investing huge sums of money in cyber security while using “hashing” or sophisticated encryption to safeguard the data. But if the information isn’t cleared from a vehicle before it changes hands it could be left accessible to complete strangers.
To highlight the kind of information that is at risk, Select Car Leasing analysed the UK’s top 20 best-selling car manufacturers’ connected vehicle data privacy and protection policies.
German giant Volkswagen topped the list, tracking 18 out of a potential 22 categories of information about its drivers. These include not only basic customer details like name and address but also the vehicle’s location, voice recordings from voice commands and even social media profiles. Volkswagen is also able to track your interests as part of its marketing.
EV groundbreaker Tesla tied with Japanese manufacturer Nissan in second spot, both keeping tabs on 17 different data types. Tesla is renowned for the data its vehicles collect using external sensors and cameras, but it can also record video and photos from inside vehicles via a camera in the rearview mirror. This is done in the event of an accident, while autopilot data can also be logged.
How to manage the data your car stores
Mr Conway said: “This highlights just how much of your personal data can be collected. But as well as doing a factory reset, there are some other steps you can take when selling or returning a vehicle.
“You can opt out of many different types of data collection by not giving your permission when you first get your vehicle. If you already own it, update your marketing and data preferences directly with the car manufacturer and through associated mobile apps.
“If you’re not sure what information is stored on your vehicle or how to erase it, your local dealership should be able to carry out an on-the-spot service. And it’s also well worth reading the terms and conditions when you buy a new car, or download a carmaker’s app, to ensure that you know exactly what you’re agreeing to.
“It’s hard to avoid using an app when buying a new vehicle, so keep track of any updates as these often include security releases that can stop someone from accessing your personal information.”