How Secure Are The Apps That Control Your Car When Sold On?
Thursday, 25. August 2016
Years ago Ford had a reputation for announcing new models long before they were in a position to launch. As a result pressure was on them to get the car into the marketplace whilst interest was at its highest. Subsequently, anyone who bought the brand new model with lots of new features became Ford’s own testers.
My ex wife became one of them when they brought out a brand new shape Fiesta. It looked great and the Ghia had loads of brand new features. Unfortunately the car spent more time in the local dealers during its first 6 months than in the hands of my ex.
But as newer cars rolled off the production line all of the faults were fixed and eventually my ex ended up with a car without rattles, windows that worked, no oil leaks and a rear window that didn’t drip water onto her shopping every time she operated the rear wash/wipe. Whilst it was irritating there were no health and safety or security issues just minor irritation that got sorted. Scoot forward a few years and you find Apple uses the same principle whenever they have a new iPhone to launch.
Remember the bendy big phone and the phone with the aerial built around the phone that lost the signal if you held it? So it should come as no surprise that when the recent head of steam started to build up around the desirability to have ‘Connected Cars’ that stuff would be released before being fully considered and fully tested. What us cost accountants would refer to as the ‘what if’ considerations. Many manufacturers have rushed to release apps that can be downloaded onto your phone that will remotely connect to your car.
The app will remotely monitor and control the car, locate it and even lock and unlock it. Yes I did just say that. The trouble is that not enough ‘what if’s’ were considered before the products launched leaving the new owner and the car vulnerable when sold. Fleet operator Ogilvie found that they still had access via their apps to a Tesla, BMW i3 and a Nissan Leaf after the cars had been sold although they pointed out that the Nissan could not be stopped or started via the app.
As more manufacturers join Jaguar Land Rover with their inControl, Tesla with MyTesla, Volvo OnCall, Vauxhall’s OnStar and Nissan Connect less attention could be given to security if it meant that the technology could be launched in no time flat. Some manufactures say they will delete the old account once the car is sold and one amazingly said that if they are called by the customer or fleet manager they can disable the App. Really? That sounds pretty secure – not! Tesla said that it is up to the old owner or new owner (or thief) to advise the change of ownership.
To prove the point Fleet News reported one ex Tesla owner able to access his MyTesla account a year after the car was sold. It is only now that leasing companies are discussing the end of lease procedures and a resolution that would see the disabling of apps. As part of the handover process. But what about private owners? Who will instruct those with Connected cars how to protect their privacy and new owners make sure that the previous owner no longer has access to their car. What a mess! By Graham Hill