[German]Thanks to infotainment systems and interfaces, modern cars are increasingly becoming driving databases. This also increases the interest in accessing this data, especially since this data is only inadequately protected against access by third parties. This can also become a problem when selling vehicles. The security experts at Check Point want to raise awareness of how much data is collected and stored by modern automobiles – and what dangers may arise from this.
Advertising
Only informed contemporaries are aware of the problem that personal data may be passed on to third parties via the infotainment systems when rental cars are returned.
The risk, when selling vehicles
Every year thousends of cars changed their owners worldwide – many of them equipped with modern IT equipment for navigation or communication as well as interfaces for smartphones. Various data relating to the previous driver was collected and stored via these, possibly even synchronized with the cell phone.
If this data is not adequately protected and not deleted in the event of a sale, it is a welcome target for hackers and blackmailers. This could allow them to obtain contact information, phone numbers, text messages, locations and driving directions. Check Point Research (CPR), the threat intelligence division of Check Point® Software Technologies Ltd, warns that modern used cars can become a target for data thieves. Christine Schönig, Regional Director Security Engineering CER, Office of the CTO – Check Point Software Technologies GmbH, comments: Technologies GmbH, sagt dazu:
Technological advances in our vehicles have become so sophisticated that many functions are now available in virtually all city cars that are continuously connected to IT systems. These functions include: Bluetooth connectivity for pairing SmartPhones, GPS navigation, digital radio, W-LAN hotspots, collision avoidance systems or remote diagnostics. Because of these functions, cars are quickly becoming databases on wheels – and thus lucrative targets for criminals.
Drivers and dealers need to be aware of the attraction that such a library represents for attackers. It is therefore essential to delete the data conscientiously in the event of a sale, and manufacturers have a duty to reliably and comprehensively protect the systems implemented in the car against attacks.
