
Drive a Toyota, Kia, Mercedes or BMW? Your personal info may have been exposed

Hackers are always looking for new ways to get their hands on your data, which can be worth even more to them than your credit or debit card details. Unfortunately, security breaches happen on a grander scale than most would like to know, such as the IRS leak from late last year.

Criminals made off with the details of over 120,000 taxpayers. But that was only a tenth of a massive breach a month later, as a Facebook tracker exposed the details of over 3 million people.

It’s easy to assume that data breaches happen to high-value targets, but that isn’t always the case. Read on to see how your details might be at risk by simply driving one of these cars.

Here’s the backstory

Technology advances at an incredible pace, and it’s more common now than ever to find internet-connected components in household appliances. For example, a web-connected fridge tells you when you’re out of milk. A more advanced model even places an online order for you before that happens.

Ingenious features have also made their way into many vehicles. The center console of technologically-advanced cars can show you almost every aspect of your vehicle, including your details, where you bought the car, when the next service is due and access to additional subscription-based functions.

But with any connected gadget, there is a risk of data compromise, which is precisely what security researchers recently found.

During an investigation, researchers found several API security vulnerabilities in popular models from Ford, Nissan, Toyota, Mercedes, Kia, BMW and many more. Nearly 20 manufacturers were impacted.

How hackers exploit API flaws

Researchers found that hackers could access the vehicle’s telematics systems to honk the horn, flash the lights, or remotely track the car.

It gets worse. According to team leader Sam Curry, with the correct access, hackers can “fully lock and unlock the car, start and stop the engine, and lock users out of remotely managing their vehicle while changing ownership details.”

The level of access depends on the vehicle, but the most severe cases are BMW and Mercedes-Benz. Using the exploit in these cars, hackers can access the company-wide internal chat tool, hundreds of mission-critical internal applications, and the internal dealer portals where they can query any VIN.

Several manufacturers say the software flaws will get a fix soon, but Curry has some advice if you drive any of those vehicles or are thinking of buying one.

When you buy a used car, ensure the prior owner’s account has been removed. If you’re selling a vehicle, remove your data. Also, when using apps and services that link to your car, use strong passwords and set up two-factor authentication when available.
