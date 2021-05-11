We are in an ongoing battle between law enforcement agencies trying to collect data from our mobile phones and tech companies trying to maintain a certain level of privacy. However, it is no longer necessary for the police to ask for permission to access a suspect’s phoneas these people already share a large amount of personal data with automotive infotainment systems.

According to a report by The Intercept, all those mobile devices used by suspects who are believed to be involved in some criminal activity. Various officials, including representatives of the FBI (the main criminal investigation agency of the United States Department of Justice), have repeatedly called on the tech giants to step in and help unlock some password protected devices. Unfortunately, this creates conflicting interests for various groups.

The attack profile makes a lot of sense. Modern smartphones can be difficult to access, as they are frequently updated to correct any vulnerabilities that are made public. However, the simple fact that link it to a vehicle’s infotainment systemoften gives access to a large amount of data. And with virtually all modern car systems connected via the CAN bus, anything that happens in a vehicle can be logged, even how many times you’ve hit the injection cut-off.

Perhaps the most famous case is the iPhone from the San Bernardino terrorist attack in 2015, with the FBI publicly asking Apple to unlock the device and help investigators pass the passcode screen. Apple objected to national security claims, explaining that building such a backdoor would eventually compromise each and every one of its devices, as the company argued that it would have been only a matter of time until such a solution landed on the wrong hands.

Since then, many law enforcement agencies have been looking for all kinds of ways to access private data. The US publication reports that Customs and Border Protection officials have discovered an easy method to do everything. A mechanism that boils down to specially developed hardware packages and created by a Swedish information technology (IT) company called MSAB and that allow the feds to connect to the cars and extract the information from the synchronization between mobile and car.

In other words, police officers can get all the data that your phone allows the vehicle to readincluding recent destinations and favorite locations, call logs, contact lists, WhatsApp or SMS messages (yes, they still exist), emails, pictures, videos, and even the social media feeds you use. That is, if your car can access it, so can a police officer who connects to the vehicle using said kit. Because safety on board no longer depends only on the belt and the airbag.

But the saddest thing is that car manufacturers have known about these machine safety issues for a long time and yet they have not taken significant measures to address this problem. The only thing we can do is hope that as the auto industry becomes more like the tech industry, some of the overlapping resources will be channeled into making our cars safer from security breaches like these, either by a policeman or a hardened hacker.

Apparently every dedicated MSAB device costs more than 370,000 euros, but for a government agency, that doesn’t mean much. Police say the kits are critical for certain criminal investigations that require data extraction from the vehicle and paired cell phones.

Source: The Intercept