[AUTOMOTIVE SECTOR] New Bluetooth security flaw discovered in smart vehicles

In February 2018, Andrea Amico, the founder of Privacy4Cars, a mobile application created to help users delete personal data stored in the systems of connected vehicles, reportedly discovered that some vehicles, equipped with Bluetooth, could have been hacked. The attack can be performed in minutes using inexpensive and easily available hardware and software and does not require significant technical knowledge. Upon its discovery, Andrea Amico immediately notified the Automotive Information Sharing and Analysis Center (Auto-ISAC), the organization set up by the automotive industry to share and analyze information on emerging cyber security risks among its members. Motorists who have synchronized their phones in vehicles that have been rented, loaned or sold may have leaked information such as phone contacts or navigation data recorded in the vehicle’s GPS. Vehicle users should consider deleting personal data from all infotainment systems before allowing anyone to access their vehicle. Industry players should consider implementing a consumer data protection policy, either by helping customers delete their personal information or by performing the operation themselves.