From wireless technology to the ability to navigate a freeway without help from a driver, new cars boast a lot of bells and whistles, including some features that can record every move you make behind the wheel.
"Your car is spying on you all the time," said Clifford Neuman, a cyber security expert from USC.
Neuman said one way it may be tracking you is with an event data recorder (EDR) that constantly records what your vehicle is doing.
"When you brake, whether your seat belts are fastened, what your speed is, a lot of other information," he said.
Nearly all new cars sold in the U.S. have EDRs — and in recent years, the data they generate has been collected to contradict owner testimony about car crashes nationwide — in some cases, dramatically influencing the outcome of lawsuits.
Then there are in-dash communication systems, like OnStar, which monitor driving patterns.
"If someone is trying to track your driving history, they're able to access that driving history, if they're able to hack into your OnStar account or break into the OnStar system itself," Neuman said.
With millions of cars now sporting built-in Wi-Fi, another big concern involves cyber security:
Researchers have recently demonstrated how some connected cars are alarmingly easy to hack — using their laptops to kill brakes — even take over steering — remotely.
But the most vulnerable spot in your car — probably rests in your hands.
"The most intrusive device in your vehicle is really your cellphone," Neuman said.
Unless you opt out — your phone's GPS is probably set to relay your location — while your apps track your drive-thru habits — all part of a brave new world some say is becoming dangerously public.
"Most people don't envision a free country as a country in which every time they set food in their car, everything they do is watched," said Alvaro Bedoya, a privacy advocate.
The I-Team reached out to several major automakers. Most said they are working on tools to protect drivers from being hacked.
Regarding event data recorders, California is one of 15 states that has passed a law limiting who can access the information generated.
To find out if your car is equipped with an EDR, check with HarrisTechnical.com here.
Full statement from Fiat-Chrysler of America:
- At FCA consumer safety and security is our highest priority.
- To our knowledge, there has not been a single real world incident of an unlawful or unauthorized remote hack into any FCA vehicle.
- New technologies have led to major advances in consumer safety. Cyber risks will continue to evolve as connected car technology advances. To realize the promise of the connected car, we must address the inherent risks associated with those technologies.
- We are committed to improving and working with the industry and with suppliers to develop best practices to address these risks.
Full statement from General Motors:
1. All vehicles produced in North America have EDR features that meet federal EDR requirements.
2. With regard to customers' privacy, we have policies in place to protect our customers' privacy, including:
A. The owner's manual for each vehicle explains GM's privacy protection measures in the vehicle data recording and privacy section
B. If the vehicle is equipped with OnStar, there is also a privacy statement related specifically to OnStar and its services
C. A separate GM consumer privacy notice
(All of these privacy policies and notices clearly outline our data and information collection practices.)
GM takes matters such as potential cyber threats, which affect our customers' safety and security, very seriously. We are taking a layered approach to in-vehicle cybersecurity and are designing many vehicle systems so that they can be updated with enhanced security measures as potential threats evolve. We were the first auto manufacturer to create an integrated and dedicated global organization, product cybersecurity, more than a year ago. This organization consists of a growing team of internal experts who collaborate with outside specialists and third parties, including experts in the defense and aerospace industries, government organizations, academia and industry consortia on best practices and key learnings. Together, these teams are actively working to minimize risks of unauthorized access to vehicles and customer data. Additionally, our onstar service offering has years of leadership, providing connected safety, security and mobility solutions for a growing global customer base.