One of the largest law enforcement agencies in the U.S., the Customs And Border Protection, has now found a convenient back door to siphon much of the information from the fortress of your smartphone: your car.
Even though your car tries to keep you physically safe with airbags and ABS and seatbelts, it’s shockingly inept when it comes to keeping your data safe from the prying eyes of police agencies, per a report from The Intercept.
As if that weren’t bad enough, our dumb cars are letting the CBP into our smartphones while we constantly and unknowingly pass data along. All the CBP needed was a few hardware kits from a Swedish IT firm called MSAB:
…[Part] of the draw of vacuuming data out of cars is that so many drivers are oblivious to the fact that their cars are generating so much data in the first place, often including extremely sensitive information inadvertently synced from smartphones.
Indeed, MSAB marketing materials promise cops access to a vast array of sensitive personal information quietly stored in the infotainment consoles and various other computers used by modern vehicles — a tapestry of personal details akin to what CBP might get when cracking into one’s personal phone.
The Intercept report outlines how MSAB’s “vehicle forensics kits” make data extraction and breaches of privacy so much easier for the CBP, effectively providing a shortcut to your sensitive information through your car, which lacks safeguards against data extraction. The reason is that in the past, the only information we’ve needed from our cars were things like fault codes and engine diagnostics.
But as the integration between our cars and phones becomes more and more commonplace, much of the information on our phones now flows back and forth between these two machines, which are a huge part of our everyday lives. Except the CBP doesn’t need to hack any security in your car. Hell, the CBP doesn’t even need a warrant, as a spokesperson for Latinx advocacy group Mijente, Jacinta Gonzalez, shared with The Intercept:
“It would appear that this technology can be applied like warrantless phone searches on anybody that CBP pleases, which has been a problem for journalists, activists, and lawyers, as well as anyone else CBP decides to surveil, without providing any reasonable justification. With this capability, it seems very likely CBP would conduct searches based on intelligence about family/social connection, etc., …
As a reference, those MSAB kits cost the CBP the low, low price of $456,073 last year, per The Intercept. The amount of data that those inexpensive kits gets the CBP is troubling, especially considering that we share our data without knowing. Using MSAB’s hardware, the CBP can access data as broad as the following, as The Intercept details:
MSAB claims that this data can include “Recent destinations, favorite locations, call logs, contact lists, SMS messages, emails, pictures, videos, social media feeds, and the navigation history of everywhere the vehicle has been.” MSAB even touts the ability to retrieve deleted data, divine “future plan[s],” and “Identify known associates and establish communication patterns between them.”
I should also note that even if it’s just the CBP which is currently using these vehicle forensics kits, all of that data they obtain can easily make its way to any other law enforcement agency, Actually, it’s not only possible but very likely, as one attorney from the ACLU quoted in the report notes, “What CBP have will trickle down to what your local cops on the street end up getting. That is not a theoretical concern.”
The entire report from The Intercept is well worth your time, especially if you’re like me, and have brushed aside the harmless but annoying prompts from your car and phone that ask for permission to download your phonebook. As it turns out, those prompts are not so harmless anymore.
The sad thing is carmakers have known about the security concerns in cars for quite some time, and yet they’ve failed to take meaningful steps towards addressing this. We can only hope that as the auto industry becomes more like the techindustry, some of those overlapping resources will be funneled to making our cars more secure from security breaches like these.