Wind Advisory issued January 23 at 3:40AM PST expiring January 24 at 10:00AM PST in effect for: Orange, Riverside, San Bernardino, San Diego
Tsunami Watch issued January 23 at 3:17AM PST expiring January 23 at 4:16AM PST in effect for: Alameda, Contra Costa, Los Angeles, Marin, Monterey, Napa, San Diego, San Francisco, San Luis Obispo, San Mateo, Santa Barbara, Santa Clara, Santa Cruz, Sonoma, Ventura
SAN DIEGO (KGTV) - Technology makes life easier on the road, but if you’re not careful the information your phone shares with the car could get into the wrong hands.
"The cars have made it easy to hook in,” said Murray Jennex professor of Management Information Systems at San Diego State University. “At the same token, it’s collecting data.”
It may sound like a bad pick up line, hey rental car you want my contact information, but if you pair your phone when you get in you’re forming a connection that could eventually lead to heartbreak and disappointment.
"You’re saying you that you trust the vehicle and you want to enable that vehicle to communicate with your phone,” said Ted Harrington executive partner at Independent Security Evaluators.
One of ISE’s specialties is a vulnerability in vehicles.
Years ago they successfully built a weaponized software radio that allowed them to start a Ford Explorer without the authentic key.
Team 10 asked Harrington to walk us through a Bluetooth connection in cars for more insight into what information you’re sharing with your rental ride.
“Essentially what it is, is that the car is connecting over a wireless communication protocol, that’s what Bluetooth is,” Harrington said. “What you’re doing when you’re connecting to the radio in the vehicle is you’re saying you trust the vehicle and you want to enable that vehicle to communication with your phone.”
Harrington said from a privacy perspective there are several issues with connecting your phone.
"Once you connect to the onboard system, the onboard system now remembers you,” he said. “That is a problem for possibly several reasons depending on your level of paranoia. One reason would be that whatever you title your phone as, this machine for now forever remember it.”
In the vehicle Team 10 rented we found five different phones paired with the car. People called their phone all sorts of things, including what looks like their actual names.
“When I first saw this I audibly exclaimed that I’m looking at someone’s first and last name and what type of phone they have, whether its an iPhone or an android,” he said. “That’s a lot of information that’s just free for me to access, no one’s hacking that, the car is giving that information out right now.”
According to a Federal Trade Commission post on the topic depending on the system “If you connect a mobile device, the car may also keep your mobile phone number, call and message logs, or even contacts and text messages.”
"There’s a big market for data,” said professor Jennex. “People are going out of their way to find the richest possible data they can from you and of course your phone is one of the richest sources.”
Jennex says he will never connect his phone wirelessly to a rental car. He says people forget to disconnect when they return the car, potentially leaving personal information out there for anyone else who rents the car.
Team 10 investigator Adam Racusin asked Jennex if he thinks rental car companies should be telling people to delete their Bluetooth when they are done.
No one is saying don’t rent a car, but if you decide to connect to a rented car remember to delete your phone connection when you return it.