Security researchers have revealed that some Connected Car apps may leak information despite being wiped.
Among the most high-profile breaches so far involved Jeep, after researchers hacked a vehicle and took full control of it. Everything from controlling the radio to cutting its transmission.
What’s terrifying about the findings is that sensitive data can remain after a car is wiped and can be accessed by any individual.
This flaw was discovered when a security researcher for IBM traded in his convertible for a family car. Being a security researcher, he deleted all personal data before handing over the keys. The garage then undertook their own protocols to ensure that no data remained.
However, after receiving the new car, the researcher noticed his old car was still listed in the management app.
“Over time, I began to realise that the car wasn’t going to expire. Days went by, then weeks, months and, eventually, years. It was obvious that whoever had purchased my old car had not enrolled it in the mobile app,” he wrote on his security blog. “This is where my curiosity kicked in – were manufacturers only designing IoT functionality for the first owner because that’s where their revenue comes from?”
Beyond the First User
This is another case of an IoT company failing to consider security beyond the initial user.
Kaspersky has also published findings on seven Android-based connected car apps – six of which did not encrypt usernames.
The findings of both Henderson and the Kaspersky team highlight the need for an improved focus on IoT security. Clearly many devices are created around the first user only. This is a glaring security hole.
However, some responsibility must fall on to consumers to be more wary about the data their vehicle contains. It is vital that we put more pressure on manufacturers to ensure it’s protected.
How Does This Affect Businesses?
This concern isn’t limited to vehicles. Security is one of the key concerns many businesses have when it comes to recycling their old IT. Naturally, they are concerned that their old computers may still contain confidential information, despite them being wiped or restored. That’s where Tier 1 come in.
Secure data erasure is the absolute bedrock of our business. We are trusted by central government and major corporations who expect the highest standards. We’re proud to be a Blancco ‘Gold’ partner and a strong, process-led approach ensures enough checks and balances to guarantee secure sanitisation of data. We get it right every time which is why our customers become long-term partners.
If you would like any help or advice with the responsible disposal of your IT hardware then call us on 0161 777 1000.