Spies on wheels: how carmakers collect and then resell information

Guess which of your possessions is the most active at collecting your personal information for analysis and resale?

Your car. According to experts at the Mozilla Foundation, neither smart watches, smart speakers, surveillance cameras, nor any other gadgets analyzed by the Privacy Not Included project come close to the data collection volumes of modern automobiles. This project involves experts examining user agreements and privacy policies to understand how devices use owners’ personal data.

For the first time in the project’s history, absolutely all (25 out of 25) reviewed car brands received a “red card” for unacceptably extensive collection of personal information, lack of transparency in its use, poorly documented data transmission and storage practices (for example, it’s not known whether encryption is used). Even worse, 19 out of 25 brands officially state that they can resell the information they collect. The icing on the cake of such privacy violations is that car owners have almost no ability to opt out of data collection and transmission: only two brands, Renault and Dacia, offer owners the right to delete collected personal data; however, it’s not so easy to even figure out if you should exercise this right.

Buried deep within the license agreements that car buyers usually accept without even reading, there are utterly outrageous violations of privacy rights. For example, the owner’s consent to share their sexual preferences and genetic information (Nissan), disclosure of information upon informal requests from law enforcement agencies (Hyundai), and collection of data on stress levels — all in addition to 160 other data categories with deliberately vague names such as “demographic information”, “images”, “payment information”, “geolocation”, and so on.

The worst brand of all in the ratings was Tesla, which earned, in addition to all the other possible penalty points, a special label: “Untrustworthy AI”.

How cars collect information

Modern cars are literally crammed with sensors — ranging from engine and chassis sensors that measure things like engine temperature, steering wheel angle, or tire pressure, to more interesting ones such as perimeter and interior cameras, microphones, and hand presence sensors on the steering wheel.

All of them are connected on a single bus, so the car’s main computer centrally receives all this information. In addition, all modern cars are equipped with GPS and cellular communication, Bluetooth, and Wi-Fi modules. The presence of cellular communications and GPS in many countries is dictated by the law (to automatically call for help in an accident), but manufacturers happily use this function for the convenience of both the driver – and themselves. You can plan routes on the car’s screen, remotely diagnose malfunctions, start the car in advance… And of course, the “sensors and cameras → car computer → cellular network” bridge creates a constant channel for information collection: where you’re going, where and for how long you park, how sharply you turn the steering wheel and accelerate, whether you use seat belts, and so on.

More information is collected from the driver’s smartphone when it’s connected to the car’s onboard system to make calls, listen to music, navigate, and so on. And if the smartphone is equipped with a mobile app from the car manufacturer for controlling car functions, data can be collected even when the driver is not in the car.

In turn, information about passengers can be collected through cameras, microphones, Wi-Fi hotspots, and Bluetooth functions. With these, it’s easy to find out who regularly travels in the car with the driver, when and where they get in and out, what smartphone they use, and so on.

Why do car manufacturers need this information?

To earn more money. Apart from analysis for “improving the quality of products and services”, the data can be resold, and car features can be adapted for greater profit for the manufacturer.

For example, insurance companies buy information about a particular driver’s driving style to more accurately predict the likelihood of accidents and adjust insurance costs. As early as 2020, 62% of cars were equipped with this controversial function right at the factory, and this figure is expected to rise to 91% by 2025.

Marketing companies are also eager to use such data to target advertising based on the owner’s income, marital status, and social status.

But even without reselling personal data, there are many other unpleasant monetization scenarios, such as enabling or disabling additional car functions through subscriptions, as BMW tried unsuccessfully to do with heated seats, or selling expensive cars on credit with forced vehicle lockdown in case of payment default.

What else is wrong with data collection and telematics?

Even if you think “there’s nothing wrong with ads” and “there’s nothing interesting they could learn about me”, consider the additional risks you and your car are exposed to due to the technologies described above.

Data leaks. Manufacturers actively collect your information and store it permanently — without sufficient protection. Just recently, Toyota admitted to leaking 10 years of data — all collected from millions of cloud-enabled vehicles. Audi had information on 3.3 million customers leaked. Other car manufacturers have also been victims of data breaches and cyberattacks. If this much personal data falls into the hands of real criminals and fraudsters, not just marketers, it could spell disaster.

Theft. Back in 2014, we explored the possibility of stealing a vehicle via cloud functions. Since 2015, it has become clear that criminals remotely taking over a car is not some futuristic fantasy, but a harsh reality. Car thefts in recent years often exploit the remote relaying of signals from a legitimate key fob, but last year’s epidemic of KIA and Hyundai “TikTok hijackings” was based on the car’s smart functions and only required the thief to insert a USB drive.

Surveillance of relatives. When the car does not belong to you, but to a relative or employer, the owner can track the car’s location, set geographical limits for its use, set speed limits and permitted driving times, and even control the volume of the audio system! Many car brands, such as Volkswagen and BMW, offer such features. As we know from our stalkerware research and the recent AirTag tracking scandals, such capabilities are simply crying out to be abused.

How to reduce risks?

Due to the scale of the problem, there are no simple solutions. Therefore, here are some mitigation options in descending order of radicality:

1. Walk or ride a bicycle.
2. Buy an old car model. Almost all cars manufactured before 2012 have very limited data collection and transmission capabilities.
3. Buy a car with a minimal set of “smart” sensors and/or no communication module. Some manufacturers offer basic configurations with limited capabilities, but this requires carefully reading the user manual. The absence of a dedicated communication module (GSM/3G/4G) in the car is a reliable sign of its limited capabilities. Note that more and more cars come with smart features even in basic configurations (this path has already been paved by Smart TVs — they make money by collecting and selling data).
4. Don’t install the car’s mobile app on your phone. Of course, starting the car from your smartphone or warming it up before you get in is often convenient, but is it necessary to pay for these features with deeply personal information — in addition to the money you spend? Very debatable.
5. Don’t activate Apple’s CarPlay or Android Auto pairing functions. When these functions are activated, the smartphone OS manufacturer gets all kinds of information from the car, and the car, in turn, retrieves information from the phone.
6. Don’t connect the car to your phone over Bluetooth or Wi-Fi. This way, again, you lose some functionality, but at least the car won’t send information to the manufacturer through the phone, and nor will it download the phone’s address book and other personal data. You can compromise by establishing a Bluetooth connection only for “headset” and “headphones” protocols: you’ll be able to play music from your phone through the car speakers, but the transmission of other data types (such as the address book) won’t be available.
7. A bonus tip, which doesn’t exclude the previous ones: Mozilla suggests signing a collective petition to car manufacturers, urging them to change their business model and stop making money by spying on customers. Power to the petitioning people!