A Journalist Hacked a Chevrolet Volt to Find Out If the Company Spies on Drivers

Washington Post tech columnist Geoffrey A. Fowler took one of his computers out of the car and found out exactly what information the manufacturer collects about owners.

This experiment to check information privacy showed that Chevrolet collects data through hundreds of sensors and has a constant Internet connection, and it is almost impossible to avoid this.

Chevrolet Volt 2017 Chevrolet Volt 2017

Information has become the driving force of our time for cars, along with electricity and petrol. Information is not a bad thing, it is good. Cars with Internet connection are already doing good things like improving safety and sending you service messages that are much more useful than the flickering of a light bulb on the dashboard. What if information is treated the same way as nuclear energy and turned into a weapon instead of working for the benefit of humanity?

When I buy a car, I assume the data I produce is owned by me — or at least is controlled by me. Many automakers do not. They act like how and where we drive, also known as telematics, isn’t personal information,

writes Geoffrey A. Fowler.

Geoffrey Fowler / The Washington Post Geoffrey Fowler / The Washington Post

As soon as information about our lives falls into the wrong hands (transferred, sold, or stolen), we lose control. The author also notes that in the US, as in most countries, there are no laws regulating what information automakers have the right to collect. This makes the boundaries vague and opens up wide opportunities for speculation.

Keeping this in mind, Fowler took the infotainment system out of his hybrid Chevrolet Volt, along with the computer unit that runs it (there are several computers in modern cars), and called a qualified engineer to figure it out.

Jim Mason hacks into cars for a living, but usually just to better understand crashes and thefts,

the columnist presents his associate.

Even with a full set of devices to hack the Volt, Mason and Fowler were not able to get to all the systems, which collect about 25 gigabytes of information every hour.

The researchers decided to focus on the computer with the most available data – the infotainment system that interacts with the user the most. Built-in navigation, syncing with your smartphone, and connecting to the Internet — all this gives you access to a digital portrait of the user.

Having taken a deeper look at the car's computer, the researchers found what they were looking for. They found a detailed record of Fowler's destinations for the entire time of driving. There was also a long list of phone contacts, including emails and photos, not only Fowler’s but also previous users’. So, the computer contained data of the Upstate New York travels of a stranger who had made several calls to a contact signed as «Sweetie». The contact's photo was also in the database. Next, they found out where the car was refueled, which restaurant the couple had dinner at. Fowler and Mason also received the unique identifiers for their Samsung Galaxy Note phones.

Geoffrey Fowler / The Washington Post Geoffrey Fowler / The Washington Post

Jim Mason noted that infotainment systems can contain even more information. He hacked into Fords that had recorded locations every few minutes, even when the navigation had not been used. There were also other cars with 300-gigabyte hard drives. The Tesla Model 3 can collect video fragments from numerous built-in cameras and transmit them to the manufacturer. It was not possible to find out what data had been sent to the manufacturer by the hacked Volt, since the researchers were not able to break through the protection of the live OnStar cellular connection.

General Motors’ spokesman David Caldwell declined to comment on the hacked Chevy Volt but noted that his company usually collected information in three categories: vehicle location, vehicle performance, and driver behavior.

Much of this data is highly technical, not linkable to individuals and doesn’t leave the vehicle itself,

Caldwell said.

Geoffrey A. Fowler has shared several conclusions and ideas that will help drivers protect their private information:
— simply connecting your smartphone to the car's infotainment system can put your personal data at risk;
— in the case of selling a car, it is better to spend some time completely clearing information from on-board computers using software methods;
— when purchasing a car, tell the seller that you want to know about installed services and how they can be turned off;
— there is no absolute protection against «espionage», unless you buy a used car.

Related News

Sign up or log in to post a comment