79 comments

[ 3.0 ms ] story [ 159 ms ] thread
My phone isn't telling my rental car anything. I turned bluetooth off.
At the very least, it's telling them you turn off Bluetooth.
Or have a feature phone with no Bluetooth.
Or don't have a phone at all with you.
Or have a landline with a reaaaaaaly long cable.
Are you saying the car has a mechanism to catalogue different drivers without bluetooth?
Wifi MAC address or other identifier is one method.
I'm not sure why you're being downvoted, some 2015 Chevys have the option for built-in wi-fi (4G LTE) making MAC tracking a legitimate concern. Granted, the rental isn't getting contacts/texts/etc like this article is talking about, but your rental could guess at the number of passengers or determine how long you spend parked outside of Starbucks based on how long it sees Starbucks wi-fi (assuming the vehicle doesn't have GPS), etc.
I never thought about it, but it would make a lot of sense that since both Android and iOS ask for application permissions, the same would happen for a Bluetooth session.

My guess is that it's not done because receivers were never supposed to handle missing data for something that shows up in device capabilities.

Given this is by the a US federal agency, it's interesting to me how the US federal consumer protection agencies never look at how much data the federal, state, local, etc. governments leak on the average person; for example, federal citizen identifiers reused as consumer identifiers, that is SSN numbers.
"Reuse" of SSNs is not a 'leak' of privacy by government. They're not the ones giving SSNs to whomever asks.
By creating a system whereby everybody can be assumed to have a certain unique identifier, they put people in a situation where they can be made to divulge that number of various private purposes.

For instance, if a drivers' license didn't have a unique number, then stores couldn't be tempted to demand said number when processing a return.

It's akin to the difference between naive full disk encryption, and a true steganographic filesystem.

There's zero reason that SSN per entity shouldn't be unique, official use only, expire, etc.

Currently, SSN reveal detailed personal history when used by someone who knows how to read the encoding, which is public information.

Beyond that, use of SSN for non-official use is illegal, but the government doesn't do enforcement.

> how much data the federal, state, local, etc. governments leak on the average person; for example, federal citizen identifiers reused as consumer identifiers, that is SSN numbers.

Is it really the government doing this? It seems to me that it's businesses, not the government, that insist on using SSNs as consumer identifiers. While this drives me crazy, I'm not sure that it's reasonable to pin it on the government (which, essentially by definition, is the party that is intended to use them as identifiers).

EDIT: What delinka (https://news.ycombinator.com/item?id=12425976) said.

Except when businesses have to send information about a person to the government, in which case they have to use the government identifier to properly identify them. An example are employee records used for tax purposes.
I've read that many states sell their drivers license databases, as one example.
> it's interesting to me how the US federal consumer protection agencies never look at how much data the federal, state, local, etc. governments leak ...

And the private businesses security help, such as Google's, only talks about government and not business attackers.

Maybe doing charging through a data connector wasn't such a good idea after all.

We need more dumb inductive charging. And no, the charger does not need a data connection.

Random thought: couldn't one start making charging cables that only had power/ground pins present (but were still shaped like the apple/micro usb connectors)?
Yes. They're called "Charge Only Hardware Firewalls", and they are way overpriced.[1]

[1] https://lockedusb.com/

There are cheaper options than this, but mind: Those aren't completely trivial devices. They have to negotiate to get more than 100mA(?) and for that negotiation there are two protocols: Apple's and, I think, Samsung's, (which is used by everybody in the Android world nowadays) And the negotiation has to involve both, the supply and the device. Cheap devices sometimes only negotiate with the device and then draw too much electricity out of the supply, which can be damaging.
You could do this, but you may not be able to charge as fast. By default, USB only supplies 100mA. If you want to go above that, it needs to be negotiated over the data pins I think.
I have these and they work exactly as advertised: https://www.amazon.com/PortaPow-Specialised-20AWG-Charge-Sho...

$6/each (when you buy a pair) and they do rapid charging with absolutely no data connection. There are many other branded ones that are over-priced so avoid those and try these. If you don't want the Micro USB tips you can buy the standard USB adaptor to place inline between the outlet and your existing data cable.

Dedicated charging ports exist, they can be recognized by having something like zero Ohm, or respectively 200 Ohm between D+ and D-, or 15k Ohm on each pin against ground. (See also Maxim's USB Battery Charging survival guide)

That is, "power only" cables are not recognizable to the user, and malicious chargers came into being for that reason.

I have a couple cables like this and they are the number one cause of me wondering why some stupid USB device isn't being seen by my computer. I ended up putting blue nail polish on them to remind myself.
Yes but now you're training people to trust the "safe" cables. So the first time they get a cable the think is safe, they don't even think about it, they just plug it in and go.

It's a minor annoyance not being able to sync up your own music or handle calls through the system but it's much safer. Charge off your computer or a cigarette adapter. They're always safe... as far as I know.

The cigarette adapter is much safer than the cigarette lighter, that's for sure.

Safe cables represents a much smaller attack surface than "plug into random ports" which sounds like an improvement to me.

If your phone still uses Micro-USB Type-B, I highly recommend these Monoprice cables which ground the data pins during charging:

http://www.monoprice.com/product?p_id=13166

(This makes a data USB port appear to the phone as if it's connected to a wall charger.)

Wish there was a retractable version that had both lighting and microusb...
You could even just use a small USB condom, or cable adapter. There's several retail ones, all shiny and easy to use. I keep several of these in my bag http://syncstop.com
They really need to have a "rental car mode" in the infotainment center that provides a good UX for not leaking user information.

I've seen TVs with a "kiosk mode" option that do things like disable channel switching.

My most recent rental car (a Dodge Caravan) had a USB port on the center console that mounted the phone as a USB drive for media playback.

Tesla does this with "Valet Mode": http://www.teslarati.com/depth-look-valet-mode-tesla-model-s...

However, the problem still remains for their loan fleet. I often get vehicles with a few different phones synced and several months worth of navigation history. I clear it all out when I get the car, but they should institute a policy to wipe out any saved data when getting a loaner back.

I've experienced that many, many times with Zipcar. One that I use regularly, will have several phones all synced (with contacts downloaded, etc...) :-/
Wow, exactly what I was looking for. It's interesting that "Valet Mode" also limits the performance of the car and governs the speed to 70MPH max.

Maybe there's a way to disable that?

Frankly, I don't see a problem with leaving it enabled. There will come a day when I would willingly limit the vehicles speed when my children start to drive and they'll be safer for it.

Hopefully these vehicles will auto-limit speeds based on the area's speed limit. These chucklefucks that think they deserve to blast by me at 95 on a 65 area wouldn't cause so many accidents. (tons of blind curves == speed limit for a reason!)

Most areas within the US have highway speeds at 70mph, and many are higher. Valet mode needs to be able to go at least the speed limit on the road its driven on. Asking for more than 70mph is simply a matter of safety on those roads.
The cars my company uses have a speed warning. If you go above 90kms/h for more than 15 seconds an incredibly annoying High pitched tone will play. It works without limiting the ability to override it if the situation deserves it.
That doesn't really help. A situation where you suddenly need to go over 90kmph for a few seconds or two minutes is very rare. Much more common is a speed limit of 120 where it's a constant danger to be at 90, and the tone effectively prevents staying in the safe range.
Just keep right except to pass and you'll be fine.
At the very least, there should be a mode to charge via USB while disabling the data pins at the hardware level
This is a feature on computers (Macs at least), where on iOS you'll be prompted if you trust the device before it connects to it. If you choose "No" it will only charge.

Edit: Which of course is not hardware level per se, but something similar should be possible to implement on iOS for anything it connects to. Trust this? Enable data.

Recent versions of Android (I think anything >=4.4) also defaults to charging only mode, and makes you pick which type of data connection you want to offer.

I detest that MTP is the 'best' protocol offered for sharing the filesystem. I find it incredibly buggy and limited. (I would like to be able to use some of that filesystem for carrying around large files!)

I'm not sure how good that charging only mode is - it still presents an (empty?) MTP device to the host PC.
This is why I carry around a 'USB condom' (in particular, a PortaPow FastCharge) for use whenever I want to charge from an untrusted USB port.
Just buy a USB cable that simply doesn't have those wires. I bought a retractable one that isn't available anymore, but other people have posted many links to products just like it.
I always carry two usb battery bricks. One for my macbook (although I've only used it to charge in testing) and an amazonbasics one for my phone. Never had to plug into a public charging port. If I'm in a hotel I'll use a one of my apple usb power adapters.
Like another commenter says, "USB condoms" are available pretty cheap. You can even get them without any kind of casing on them to be able to see that the data pins are cut or missing.

I bring a couple on any trip where I think I might have to use USB to charge a device, since I don't trust strange USB ports.

This reminds me of the privacy concerns surrounding printers/copiers, which can hold onto sensitive data after you or your organization are done using them [1].

This also begs the question of how secure these "infotainment" systems are in the first place. Physical access to individual cars' data histories is relatively limited, but if these connected machines are remotely accessible then the resulting attack surface might be scary.

[1] https://www.ftc.gov/tips-advice/business-center/guidance/cop...

> Physical access to individual cars' data histories is relatively limited, but if these connected machines are remotely accessible then the resulting attack surface might be scary.

Cars are already beginning to be connected to the internet. Just wait a few years; they'll fall victim to the IoT epidemic soon enough.

I discovered this the first time I had to rent a car from my dealer. There were about 12 other phones connected in, and my phone would have ended up with all of their contacts if I hadn't thought to disable contact sharing. (Fortunately the Mazda UI asks before doing that.)

I went through that list and un-paired every phone, and cleared out the contacts list in the entertainment center. I also informed my dealer of the issue, and I hope they are a bit more mindful of it going forward. Cars are basically designed to only ever be used by one or two people at a time, so this isn't a huge risk for most owners, but for rentals it's kind of a privacy risk.

(comment deleted)
I generally clear everyone out in a rental as well. I should start letting the rental company know, thoug. That's a great idea.

Fortunately, Android asks if you want to sync contacts, to which I always reply "No". It seems like that should be the default with an option to enable specific cars.

Should be more appropriately titled "What is your phone telling the next rental car driver"
... "and the rental car agency and everyone they share data with."
TBH I doubt the rental car agency cares. They would rather not deal with it since their business is renting cars. Any word that gets out that they even use that data without your permission is going to be very bad press.

But on the other hand, for corporate espionage...if I know a certain company's employees rent cars from a certain location...I'd be poking around.

> They would rather not deal with it since their business is renting cars.

Every company's business is collecting data on their customers. It's very widespread.

> Any word that gets out that they even use that data without your permission is going to be very bad press

I disagree. Word on such behavior gets out all the time and few people care.

Which is why I never sync my phone with it or use the onboard GPS.

I'm honestly surprised that leasing agencies have not implemented some sort of a wipe procedure even if it's not a forensically secure wipe when a car is returned.

That said I once picked up a car at the airport that had someone's passport tucked into the overhead sun protector shade thingie.

With 185 rental days and counting this year I had my fair share of these kinds of situations.

I made fully resetting all electronic systems in the car as much as possible (which sometimes ends up being not at all) a ritual before returning cars.

Some cars offer a master reset (such as Ford with their SYNC system), some don't (such as BMW's iDrive). Some cars can have their multimedia systems reset but retain some information about the paired phones and some history as fragments on their SD card (such as the Nissan Maxima, where the multimedia system also malfunctions by forgetting all settings between power cycles if no SD card is present, make sure you check before you pick one up).

But in 95% of cases people don't give a damn and I would get a car that has all the previous customers' data in it. Phone logs, Navigation history, sometimes even contacts and text messages. I think it's scary.

When I pair my Android phone with a rental car via Bluetooth, the phone asks permission to share contacts and messages with the car (of course I deny them). Are folks saying that sensitive data is still shared in spite of this access control? This seems like a problem with Android / iOS rather than the car.
"This seems like a problem with Android / iOS rather than the car."

Or with the user who unthinkingly allows their phone to share contacts without considering the possible ramifications.

Most users are accustomed to just saying "yes", like when an app asks them for permissions, etc.

I had a similar situation using a replacement phone whilst mine got repaired. A factory reset had been performed, but the Android OS still contained some quite sensitive WhatsApp sent images, including personal photos and even a credit card balance screenshot.

Businesses need to get more savvy in this area.

Hopefully nothing since I don't connect it via anything.
Exactly, why would I sync my anything to something that isn't mine? That's like checking your bank account from a kiosk.. All the NOPEs.
I really want a setting for the phone to block all sharing with other systems. No prompt "do you trust?", just a blanket setting that I dont want to trust any system.

There's no longer any reason to tether the phone back to your Mac for backups or updates, so why is the phone so eager to share data? All of that can be accomplished with iCloud authentication.

you humans are so funny. you think you still have privacy. that ended in 2008.
I've been doing these security steps every single time since rentals got bluetooth. Every rental unless it's brand new has dozens of people's contacts and other data in it.
Trying to load this page consistently crashes my Safari tab. Anyone else?
I have seen other people's trails on rental cars and I've always wondered why would they connect their phones to basically what is an unknown system, exposed to just about anyone.

Maybe I'm just weird. Never had any reason to connect my phone to the car, not rental nor my own. I make phonecalls from my... well, phone, not the car. I use my phone's Google Maps if I need to refresh my memory to get driving instructions. I don't have music on my phone either. It seems that being a bit ignorant to new technology does pay off at times.