Emails, Text Messages Can Be Retrieved From Smartphones Synced to Vehicles (theintercept.com) 71
Slashdot reader ytene writes: As reported by The Intercept, U.S. Customs and Border Protection have just spent $456,063 for a package of technology specifically designed to access smartphone data via a motor vehicle. From the article:
"...part of the draw of vacuuming data out of cars is that so many drivers are oblivious to the fact that their cars are generating so much data in the first place, often including extremely sensitive information inadvertently synced from smartphones."
This data can include "Recent destinations, favorite locations, call logs, contact lists, SMS messages, emails, pictures, videos, social media feeds, and the navigation history of everywhere the vehicle has been, when and where a vehicle's lights are turned on, and which doors are opened and closed at specific locations" as well as "gear shifts, odometer reads, ignition cycles, speed logs, and more. This car-based surveillance, in other words, goes many miles beyond the car itself."
Perhaps the most remarkable claim, however, was, "We had a Ford Explorer we pulled the system out, and we recovered 70 phones that had been connected to it. All of their call logs, their contacts and their SMS."
Mohammad Tajsar, an attorney with the American Civil Liberties Union (ACLU), is quoted as saying, "Whenever we have surveillance technology that's deeply invasive, we are disturbed," he said. "When it's in the hands of an agency that's consistently refused any kind of attempt at basic accountability, reform, or oversight, then it's Defcon 1."
"...part of the draw of vacuuming data out of cars is that so many drivers are oblivious to the fact that their cars are generating so much data in the first place, often including extremely sensitive information inadvertently synced from smartphones."
This data can include "Recent destinations, favorite locations, call logs, contact lists, SMS messages, emails, pictures, videos, social media feeds, and the navigation history of everywhere the vehicle has been, when and where a vehicle's lights are turned on, and which doors are opened and closed at specific locations" as well as "gear shifts, odometer reads, ignition cycles, speed logs, and more. This car-based surveillance, in other words, goes many miles beyond the car itself."
Perhaps the most remarkable claim, however, was, "We had a Ford Explorer we pulled the system out, and we recovered 70 phones that had been connected to it. All of their call logs, their contacts and their SMS."
Mohammad Tajsar, an attorney with the American Civil Liberties Union (ACLU), is quoted as saying, "Whenever we have surveillance technology that's deeply invasive, we are disturbed," he said. "When it's in the hands of an agency that's consistently refused any kind of attempt at basic accountability, reform, or oversight, then it's Defcon 1."
No kidding (Score:4, Insightful)
Re:No kidding (Score:5, Insightful)
I doubt most people understand what it means to sync with the car.
Get in a rental vehicle, the first thing it asks is to connect. Want to use your phone's gps or play some music? Sure...connect. There's no warning that your personal data will be scraped and saved when you disconnect and return the car.
Re:No kidding (Score:4, Insightful)
This data can include "Recent destinations, favorite locations, call logs, contact lists, SMS messages, emails, pictures, videos, social media feeds, and the navigation history of everywhere the vehicle has been, when and where a vehicle's lights are turned on, and which doors are opened and closed at specific locations" as well as "gear shifts, odometer reads, ignition cycles, speed logs, and more. This car-based surveillance, in other words, goes many miles beyond the car itself."
Here's the thing though. If this was a regular computer there would be CVE out the wazoo, if they transmitted that much data with the outside world. Cell phone by design it's assumed you want to share everything.
Re: (Score:2)
Why would a car collect half the information they cite? Why would it collect pictures, for example?
Re: (Score:2)
Insurance lawyers, for one, want all the black box data that the car has collected after an accident etc. Usually the cops and the judge get the info too. Here in NY that are punishing txting while driving just as hard as felony DUI, if not harder. It's a great way to lose your license. The info has been available for years regarding collecting the data.
Re: (Score:2)
Contacts are shared with the infotainment system so you can either voice control or have your addressbook controllable via the steerwing wheel controls.
If you want to make a phone call, you either have to interact with the phone (illegal in a number of places) or use the infotainment system. You could try to dial by voice recognition (leading to hilarious results if it picks the wrong contact), but it's easier
Re: (Score:2)
Or, "Hey Siri, phone [person-I want-to-phone]
Where's the problem?
The same thing happens with computers and no one bitches like is going on here.
Oh well, That's
Re: No kidding (Score:1)
Not quite, Apple CarPlay does work like that, Android Auto often requires an extra app either on the phone or on the car, as most Android phones are woefully underpowered to do 5 things at once, Google decided it is best if part of the processing happens on the car.
For example on at least one model Honda, you have to load an app onto your car-Android to get full functionality from Android Auto and yes, the car will connect to WiFi and have some functionality with your Google profile without the phone presen
Re: (Score:3)
I doubt most people understand what it means to sync with the car.
I'll bet Mary Jo Kopechne knows.
Re: (Score:2)
Re: (Score:2)
Funniest comment here in months. Bravo!
Re: (Score:2)
There is a warning every time I have tried. It asks to connect, then your phone asks if you want to share messages and contacts, to which I answer no. And of course I delete the phone from the car before returning it, just in case anyway.
Re: (Score:2)
Re: (Score:2)
Even when I connect to my spouse's car.
The message Always asks if I want to Sync the Contacts, etc.
Why do you say that there is "no warning"?
I have always received a Warning.
Re: (Score:2)
Asking you if you want to allow the vehicle to access your contacts, etc. is not a warning in any meaningful sense of the word. Only someone with prior knowledge of what that could imply would consider it a warning.
It's similar to asking you if you want to go downstairs, but not telling you that the stairs are actually a ramp covered in ice.
It's a slippery slope.
Re: (Score:2)
This is true, but I need to make a point here:
- Bluetooth audio (eg your phone is used as a headset) does not sync text messages or contacts, it just acts as a headset.
- Bluetooth sync of contacts can be blocked in iphones.
That just leaves text messages, which again, requires that you have the phone operating as the "handsfree mode" , eg "carkit" mode such as CarPlay.
Because (particularly in the case of Ford SYNC) it downloads the contacts and text messages if you permit it to, but because a car may be used
Re: (Score:2)
Make better decisions.
Was just contemplating this! (Score:5, Insightful)
Re:Was just contemplating this! (Score:5, Informative)
The issue isn't the car, it's the phone you use in the car and the data it uploads into the car.
I charge my phone with a cigarette lighter charger cord, mainly because my car wants to play the first song in my phone (which happens to be the only song in my phone), a Stephen Colbert song - "Hey, It's another Christmas Song" (or something like that).
Seriously, why sync your phone with a rental car - your phone GPS works just fine on the built-in screen, your phone has a speaker phone, a voice assistant, etc. - I guess wanting to stream music/podcasts over the car stereo is a reason, but there are other ways to accomplish that without sync'ing the phone, aren't there, like bluetooth?
Re:Was just contemplating this! (Score:5, Informative)
This all happens via bluetooth.
I've usually driven very old cars, but I recently replaced my 1994 Dodge Dakota with a few-years-old Toyota. It has all kinds of whizbangs that are new to me.
When you pair a phone with it by bluetooth, there are 2 separate connection options. You can connect just the audio, or you can connect the phone. That latter option lets you receive calls and texts on the car display and so forth; it seems that's the setting that slurps up all this data.
Re: (Score:2)
Receiving calls is rather nice though and it's super easy to call per-arranged numbers with steer-wheel keys. If it's my car, why wouldn't I want to take advantage of that? The fact that the car isn't keeping that shit a secret is the problem.
Always a trade off. Just having the phone on you gives up privacy but then using it even more. It's the price we pay for the convenience unfortunately.
Re: (Score:1)
Conveniences ?
Strange words to use considering you are a slave to your phone.
Re: (Score:2)
Yes, rental cars DO record all of that telemetry... And it does it even if you don't have a smart phone.
It IS their car. They get to monitor how you use it.
Don't like that? Don't rent their car. Problem solved.
Re: (Score:1)
Re: (Score:2)
Yes they did, from about the time the lo-jack was invented... And it's just become for sophisticated as time has gone alone.
As I said, don't like it? Don't rent a car.
Re: (Score:1)
Re: (Score:2)
Because voice dialing doesn't work if you don't sync contacts
Re: (Score:2)
Don't Android phones have an "assistant"?
Re: (Score:2)
Yes, but the mic in the CAR can't do it.
The mic on the phone isn't as "careful" for the necessary speech recogniton in an automotive environment
Re: (Score:2)
And the automobile's sound is louder and better sounding than a cell phone can produce while driving?
Lots of reasons.
The car also tracks your use (Score:2)
Making it a surveillance tool with or without your phone connected.
So, in addition to burner phones, (Score:5, Funny)
We have to throw away our cars after using them once?
Re: So, in addition to burner phones, (Score:3)
Re: (Score:2)
I think if you are a criminal, you'd be very smart to buy a dumb car that is 20 years old +
Speaking of which...
Re: (Score:1)
I think if you are a criminal, you'd be very smart to buy a dumb car that is 20 years old +
Speaking of which...
If you still have a 93 escort wagon - yea man! That's like the perfect criminal car. Thinking of a life of crime?
Pull the car data. Can we prove he was near Bill Gates when the pie was thrown at him?
Re: (Score:2)
Yeah, if I'm a criminal, I'm going to buy a car.
Re: (Score:1)
Look, criminals don't try to break all the laws. Just the necessary ones. You don't see white collar criminals stealing their cars. They just lease them.
LOL, AC - you know nothing about criminals. They don't give a rip about laws.
Re: (Score:2)
So buy oneself a Ford Pinto. [tortmuseum.org] Problem solved.
Who sync's their phone with a rental car? (Score:2)
U.S. CUSTOMS AND BORDER PROTECTION purchased technology that vacuums up reams of personal information stored inside cars, according to a federal contract reviewed by The Intercept, illustrating the serious risks in connecting your vehicle and your smartphone.
Uhm, OK
The ACLU’s Tajsar explained, “What they’re really saying is ‘We can exploit people because they’re dumb. We can leverage consumers’ lack of understanding in order to exploit them in ways that they might object to if it was done in the analog world.’”
Yes, a large number of criminals are caught because they fail to appreciate they leave behind DNA, hair, etc., or that their cellphone reveals their location whenever it's turned on, that traffic cameras record cars passing under them, CCTV cameras record their activitesin public, etc.
We catch many criminals because of their ignorance about the world around them.
MSAB claims that this data can include “Recent destinations, favorite locations, call logs, contact lists, SMS messages, emails, pictures, videos, social media feeds, and the navigation history of everywhere the vehicle has been.”
I'm hard-pressed to believe that cars are downloading pictures, videos, social media feeds, and my contact lists - to what purpose?
The easy
Seriously, who DIDN'T know this?! (Score:3)
Seriously, who DIDN'T know this?!
Re:Seriously, who DIDN'T know this?! (Score:5, Insightful)
Almost everyone. A couple of years ago I was in a hotel and was taking a call in the complimentary "business lounge" on my cell. While chatting I booted up the PC that was in there and checked the browser history. First hit was a bank. Clicked on it and the browser auto-filled some person's username and password and I was looking at their accounts.
I spent the next 20 minutes removing saved passwords and history from every browser on the machine and trying to turn off those options. People are dumb.
Re: (Score:1)
Almost everyone. A couple of years ago I was in a hotel and was taking a call in the complimentary "business lounge" on my cell. While chatting I booted up the PC that was in there and checked the browser history. First hit was a bank. Clicked on it and the browser auto-filled some person's username and password and I was looking at their accounts.
I spent the next 20 minutes removing saved passwords and history from every browser on the machine and trying to turn off those options. People are dumb.
No, they are just uninformed about computers, much like you are uninformed about all manner of things those people might be experts at. The real dummy here is the badly educated IT person who left autofill activated on that PC and the miserable excuse for a manager who hired him so that he could underpay the guy in order to improve the corporate bottom line by a billionth of a percent.
Re: (Score:2)
Re: (Score:2)
Who wants to know enough to repair everything that they own or use?
BTW, "Thank You!" for cleaning the history and changing the settings so that this information isn't retained!
Wouldn't it be nice if all of us who are aware of browser settings took the time to change the settings to make browsing safer and more secure. Yes, I know it takes several minutes to do this but it helps the people who use the browsers after us.
Re: (Score:2)
Perhaps it is just that I've dealt with hotel management before (in a convention client context):
I would have cleared the display, dragged the nearest hotel staff over to the computer, and shown them exactly why I was concerned. ... and then demonstrated how to clear and lock down each of the browsers on the system.
The words "you have a potential lawsuit situation on your hands, let me show you how to prevent it" are magic. But "clearing all the computers yourself" is a "give a man a fish" solution. It al
Rental cars. (Score:2)
Every one Iâ(TM)ve rented past few years needed to have a phone or threeâ(TM)s data scrubbed.
Re: (Score:3)
Another reason (Score:2)
Not to have a "smart" phone. Granted, you could always not sync your phone to the car, but considering the people we're dealing with, that is clearly not an option.
Flip phone for the win.
This isn't about CBP (Score:2, Insightful)
Re: (Score:2)
CBP doesn't need a warrant when you come through the border, or are within a certain range of one.
https://www.aclu.org/other/con... [aclu.org].
Rental Car Companies (Score:3)
I never sync with a rental car and I'm always amazed to find all that info on the "radio". How they don't do a factory reset after a return is beyond me. Somebody's gonna sue them.
duh (Score:2)
well duh!
Factory default the car? (Score:2)
Are there codes or dash switch combinations for every car that resets its memory back to factory default?
All settings wiped: bluetooth, saved location data, engine performance, when it was used, how fast you were going, etc ... everything, as if it were new from factory.
Re: (Score:1)
Re: (Score:2)
Some people want to make calls legally -- in those places, like the state where I reside, that have outlawed "hands" calls.
Some people like the convenience
Why do you think that everyone has the exact same needs, desires, and wants as You?
It's Really Not A ONE-SIZE-FITS-ALL World
Or didn't you realize that fact?
Re: (Score:1)
Yeh because one moment without a phone call is the end of the world.
> Some people want to make calls legally -- in those places, like the state where I reside, that have outlawed "hands" calls.
if they cant wait why are they wasting so much time driving ?
Re: (Score:1)
Why do you think everyone is deaf or hearing impaired so they ALL need to sync with a car ?
Data Scrambler? (Score:2)
WHY ? (Score:1)
Silver Lining : Setting respectable people up (Score:2)
Car as a Trojan (Score:3)
The recent slashdot story that covered the reverse engineering performed by Moxie Marlinspike’s of Whisper Systems against the Cellebrite code included mention of the fact that the Cellebrite application appeared to be making use of an iTunes library [hinting that it may have been illegal use of the library.
That suggested to me that part of Cellebrite’s strategy was to trick the handset in to thinking that it was being connected to an iTunes instance that it could trust. Now, it doesn’t follow that an iPhone will automatically “trust” a vehicle to which it is connected, but suppose that vehicle originally had Apple CarPlay running in it, but CBP and/or their third party were able to maliciously hack the CarPlay?
If they were able to do something similar to Cellebrite, maybe that would explain how so much and such varied data was being accessed by the vehicle?
If so - and, again, this is all supposition, Apple need to further harden iOS and iPadOS such that before a connection is accepted, each end of the link need to be able to prove that it has not been tampered with, maybe by some form of mutual authentication test.
Only use the cigarette lighter to charge your (Score:2)
What's more disturbing here? (Score:2)
Look past what's being "revealed" in the OP and the linked article. It isn't the fact that cars are scraping all this data from the drivers' phones that should be worrisome.
It's that the phones are not only capturing all this data, but are so easily scraped.