Data Privacy Nightmares In Smart Cars: Understanding The Risks

Dive into connected vehicles with Hebberly Ahatlan, product marketing director at Intertrust Technologies. Uncover the data privacy nightmares surrounding smart cars and stay informed about safeguarding your privacy.

Modern vehicles are no longer mere modes of transportation but highly sophisticated data centers equipped with sensors, cameras, IoT devices, and connectivity features. They can capture various data, including driver behavior and habits, locations, preferences, conversations, and personal information such as contacts and financial data. 

The sheer volume of data that cars collect is staggering. As far back as 2014, McKinsey estimated a connected car generated around 25 GB of data every hour. Fast forward to 2023, and Visual Capitalist wrote that, according to figures from the Automotive Edge Computing Consortium (AECC), by 2025, globally, “connected cars could be producing up to 10 exabytes (one billion gigabytes) of data per month, a thousand-fold increase over current data volumes.” 

Automotive data is set to grow at a rapid rate, and there’s no doubt that interconnected vehicles bring numerous benefits, including improved safety, predictive maintenance, convenience, and more efficient transportation systems. Data can also play a significant role in helping manufacturers make effective business decisions and enabling better driving experience. However, these advances have also turned cars into efficient data harvesters. 

And therein lie significant problems: Data security and interoperability. 

How Secure Is Vehicle Data?

How secure is the data gathered and shared by vehicles? A recent postOpens a new window by the Mozilla Foundation goes so far as to say that cars are the worst product category from a privacy standpoint. Modern cars offer multiple attack surfaces through which data can be collected, misused, or fall into the wrong hands, compromising personal privacy. If you want to learn more about the various attack surfaces in automobiles, Stefan Savage delivers excellent examples in a webinarOpens a new window that rounds up your darkest car cyberattack nightmares. Such nightmares may come to pass with the proliferation of infotainment systems and mobile apps that further complicate matters, collecting extensive data about users’ habits and preferences and creating the potential for invasive profiling. This situation is exacerbated by the integration of third-party apps, such as Tik-Tok, where poorly written data-sharing agreements can lead to the sharing of user data without their explicit consent. What’s more, it now seems that top car makers are privacy trolls, collecting sensitive data inside the car, making users install their apps on their phones, and monetizing user data to sell to third parties as a new revenue source.

See More: Enjoy the Ride: Cars and Drives Are Better With the IoT

Inherent Challenges

The privacy concerns connected to vehicles raise demand for strong safeguards and regulations for personal data protection. The auto industry must undergo a significant privacy transformation to address the existing challenges in crucial areas, including:

1. Data security and privacy

Modern vehicles generate valuable data for various stakeholders like insurers, advertisers, and government agencies. With this data flowing from vehicles to these multiple stakeholders, protecting driver and passenger privacy and granting drivers control over their data access and use is crucial.

Another major challenge is protecting data from unauthorized access and misuse. Interconnected vehicles, essentially IoT devices, share security vulnerabilities with potential threats like malware, denial-of-service, and man-in-the-middle attacks. Malicious actors continually develop new exploits, such as gaining control over steering, braking, or acceleration through electronic control units (ECUs). Personal and financial data theft, software encryption ransom demands, and obtaining informed consent with precise privacy settings pose challenges. 

2. Digital interoperability

The automotive industry has multiple stakeholders, each with its systems and protocols. Modern vehicles have numerous ECUs, each responsible for specific functions, from engine control to infotainment. These components often come from different manufacturers, employing varying communication protocols, and may feature disparate software architectures. Interconnected vehicles must be able to communicate and share data with infrastructure and other devices. Coordinating these elements requires digital interoperability, which means that the different systems must be able to understand each other’s data and protocols.

Unifying Solutions

To bring order to the automotive data tsunami, the industry must commit to safety, data privacy, and IoT security to realize a digitally interoperable and connected automotive future. That means focusing on critical areas, such as:

1. Accepted industry standards

Interoperability and standardization are vital for a seamless, connected car experience. However, there’s currently no universal standard for digital interoperability in the automotive industry, leading to a lack of comprehensive global regulations for data privacy in vehicles. To protect user data, strong privacy regulations are necessary.

Despite emerging frameworks worldwide:

• Data protection regulations like GDPR in Europe and CCPA in California impose strict data handling requirements.
• The AECC is developing open standards for edge computing in vehicles, enabling vehicles to communicate with each other and infrastructure in real-time.
• In addition, the Alliance for Internet of Things Innovation (AIOTI) is developing security standards for IoT devices, which will help to reduce the risk of cyberattacks.
• The US government is investing in developing cellular vehicle-to-everything (C-V2X) technology, enabling vehicles to communicate securely with each other and infrastructure.

While initiatives like this and the Automotive Grade Linux (AGL) are making strides towards a degree of standardization, universal adoption remains a work in progress. 

2. Discrete multilingual connectivity

Modern vehicles must seamlessly adapt to cellular networks, including 4G LTE, 5G, and forthcoming high-speed channels. This challenge intensifies as networks evolve. IoT devices in cars use diverse communication protocols, like Bluetooth, Wi-Fi, and Zigbee, necessitating careful integration. In autonomous vehicles and advanced driver-assistance systems (ADAS), seamless communication with infrastructure and other vehicles is vital.

Achieving digital interoperability, IoT security, and discrete polyglot connectivity status in cars is imperative to harness the full potential of technological advancements and ensure that cars can interact fluidly with existing and forthcoming infrastructure. To enable the automotive industry to smoothly transition into highly connected, data-rich environments, layered software platforms are emerging that deliver better data and IoT device interoperability with secure and flexible data governance.

Manufacturers can partner with tech firms for secure, interconnected vehicle design, implementing encryption, authentication, and intrusion detection. Car manufacturers can use secure boot and firmware update processes to protect their vehicles from malware and other cyberattacks and use blockchain technology to create a secure record of vehicle ownership and usage data.

Unifying Data Privacy Standards in the Automotive Industry

Whether the automotive industry is serious about coming together to unite around standardization remains to be seen. In August 2023, Kaspersky’s Automotive Threat IntelligenceOpens a new window report highlighted cybersecurity concerns in the automotive industry, particularly regarding infotainment system integration and connectivity tech provided by software providers. Starting July 2024, the United Nations Economic Commission for Europe’s World Forum for Harmonization of Vehicle Regulations (UNECE WP.29) will mandate multi-layered cybersecurity solutions for automotive OEMs and their supply chains, covering development to customer-use, with non-compliance potentially shutting down production.

Unifying standards and solutions to address data privacy, cross-manufacturer communication, and IoT security in interconnected vehicles requires collaboration among the automotive industry, tech firms, and government bodies. A comprehensive dialogue that leads to a universal data privacy policy is an urgent step necessary to enforce data privacy rights and avoid costly cyber-attacks.

How well do you know the data privacy risks in smart cars? Let us know on FacebookOpens a new window , XOpens a new window , and LinkedInOpens a new window . We’d love to hear from you!

Image Source: Shutterstock

MORE ON SMART CARS

• Safety Standards, Process, and Key Learnings for Autonomous Vehicle Software – Spiceworks
• What Is ADAS (Advanced Driver Assistance Systems)? Meaning, Working, Types, Importance, and Applications
• AR and VR Transforming Automotive Industry – Spiceworks