Follow us

A rented car can tell hackers and criminals a lot about you

This information could be extracted from car’s entertainment system.

Published: October 4, 2021 By Darina Shramko

Title image for Don’t forget to purge your personal data from a rental car

Image source –pixabay.com

I am sure that almost all of my readers rented a car at least once in their lives.

Let's say you have arrived in another country and want to travel around several cities, or your car is being repaired, but you urgently need to get to the other end of the city, and a taxi does not come. In general, there are many reasons for car renting.

It's convenient for you to use the car-sharing service, and it is convenient for hackers to collect information about you. Although the machine doesn’t know how to speak, it will still transfer all your data to third parties if they have the gift of persuasion.

So, one of the most resonant cases of hacking of car-sharing occurred in 2018. Then the Australian Nick Kubrilovich fraudulently got access to the driver's data of the rented car and drive for two months at someone else's expense!

The news about hacks in car sharing is on everyone's lips, so let's figure out what the vulnerability of rented cars is and what you need to do in order not to get hooked by hackers.

Disclaimer: All information in this article is provided for educational purposes only. We are against using the materials of the article for criminal purposes; we also do not support the actions of cybercriminals. Any distribution of article materials without attribution is prohibited by Copyright Law.

Why is car sharing dangerous?

In the process of technology development, we can trace an inseparable connection between man and machine. One such example of synchronization is car-sharing services.

Today, I can confidently say that most cars are connected to the Internet. Navigation and remote control are impossible without access to the World Wide Web, making cars both technologically advanced and... vulnerable.

Car sharing has allowed cars to become a public resource, removing the need for taxis or public transport. If an emergency happens, you can always rent a car for a few hours and leave on business.

You no longer need to order a taxi, wait for public transport and freeze at bus stops. To rent a car is enough to have a driver's license and... confidential data that hackers are so interested in.

Car-Sharing System

Image source − edwinconan.wordpress.com

The fact is that most of the car’s management functions are now controlled by electronic components, which, of course, can be influenced through software intervention.

Earlier, we talked with you about hacking Tesla and other electric cars, so you already know that many cases of illegal remote hacking of cars are recorded in the world every day. In addition, a cyber-attack on the Car2Go car-sharing service has also recently been carried out.

Car sharing problems begin at the stage of mobile apps.

Found that most of the existing car-sharing applications have security problems, namely:

  • more than half of the applications don’t ask users for a complex password, allowing the entry of a four-character PIN code of doubtful reliability (for example, 1111)
  • some apps aren’t protected from phishing: they allow you to display phishing windows on top of them, which imitate the original ones but are designed to steal your data
  • lack of protection against a man-in-the-middle attack

The fact is that iOS apps are characterized by a weak encryption algorithm, use of the clipboard, and insecure authentication.

Almost all popular car-sharing applications use the insecure HTTP protocol and insecure storage of confidential data; in one case, discovered that didn't implement the app's fingerprint authentication securely.

As you can see, dreams of safe car sharing are still unrealized.

Providing reliable car-sharing protection is a joint task of software developers, testers, cybersecurity specialists, and car rental service owners. Only teamwork will help to overcome the evil intentions of hackers!

So, we are convinced that the car-sharing service is still unsafe for mass use. It's time to find out the main thing − what data of yours interests hackers the most?


What data can extract from rented cars

Typically, hackers are interested in the following data:

  • phone number
  • email
  • bank card data (Pin code, CVV code)
  • address
  • your biometric data, etc.

It's not hard to guess how much trouble hackers can do own this information!

The worst thing in this situation is that we voluntarily leave most of the data in applying for a car rental.

Some data (for example, biometric) could be obtained due to the introduction of malware on your phone. Usually, it happens if you connect to the USB system or Bluetooth in the car.

Based on this, the question arises − what to do so that the rented car does not suddenly ruin your whole life?


How to protect your confidential data?

When contacting car rental services, you need to leave some data about yourself. It's a standard procedure that has long been practiced in the service industry. But few people think about the consequences of a standard registration procedure.

To prevent the distribution of your confidential information to third parties, read a few of my recommendations:

  • Don’t connect to the Bluetooth or USB system in the car

Refrain from listening to music in your rented car.

The fact is that it can infect your devices with malware that is designed to copy your data the moment connects your phone to Bluetooth or USB.

  • Don’t leave your phone number and email when registering

Some car rental services provide the service of booking the desired car. To do this, you need to fill out a registration form on the company's website, which is most often asked to leave a mobile phone number or email for communication.

Be tricky ─ leave a spare phone number or email that is not tied to your real identity. To create a spare mailbox, I advise you to use ProtonMail or any other secure email service.

By the way, Edward Stone also resorted to using different phone numbers and emails to stay incognito. Try it!

  • If possible, refuse to rent electric cars

Of course, electric cars are our future. These cars help preserve the planet's ecology and are very easy to drive, but I still advise you to refrain from renting.

Unfortunately, electric cars have many vulnerabilities. They are susceptible to hacking, so I would not want you to become a victim of hackers in the middle of the road. Gaining remote access to a smart car will not be a massive problem for cybercriminals.

You still don't have to drive a rented car your whole life, so you shouldn't risk your safety for temporary comfort.

  • Create a separate card to pay for car-sharing and top up it as needed

Don’t use your primary card to pay for car-sharing services − this is fraught with the loss of your money.

If an SMS message with a PIN-code from the account comes from the car-sharing service, it is necessary to untie the bank card from the account and contact the technical support service.

  • Create a complex password for mobile car-sharing app

A strong password several times reduces the risk of password cracking by brute force and third-party hacker utilities.


Conclusion

I use the car rental service with caution because the curious minds of hackers are waiting for us everywhere. They want to take over our data!

After reading this guide, I hope you will reconsider your attitude to the car-sharing service and think about the safety rules. Even one little thing can lead to disastrous consequences, so it is essential always to remain aware.

Dear readers, do you use car-sharing mobile apps? If so, which ones? Share your favorites in the comments!

Good luck & see you soon!

Author
Darina Shramko
Cybersecurity specialist and researcher.

Write a review

click to select