By now, you’ve probably heard the horror stories about hackable cars. The most publicized concern is that digitally connected cars are vulnerable to hackers who could disable the engine or even take control of the steering.
But while this kind of physical threat grabs headlines, a different risk goes relatively unmentioned: data security. According to a recent post in the online publication Motherboard, our cars may be housing an alarming cache of unsecured data.
Reportedly, a security expert hacked into his own vehicle by connecting a USB flash drive loaded with computer scripts designed to access the car’s “infotainment” system. What he found was a serious privacy issue: call histories, contacts, text and email messages, and even directory listings from mobile phones that had been synced to the car, simply stored in plain text.
In the experiment, the researcher had physical access to the car’s computer system via a USB connection. But he suggests that hackers could access the same information remotely through an in-car internet connection.
Car manufacturers are continuing to learn about and address these security risks. In the meantime, there are a few steps you might consider to protect your company data:
- Require employees to update their car’s firmware in a timely manner following an update;
- Prohibit employees from syncing mobile devices to company vehicles; or
- Prohibit employees from syncing a company-issued mobile device to their personal vehicles or rental vehicles.
Strict prohibitions may not be popular with employees, however, particularly those who regularly travel for work or commute long distances. When connected to a cellphone, vehicle infotainment systems offer a host of conveniences such as hands-free calling, spoken delivery of text messages, and navigation.
