A recent blog by a certain Jo Nova pointed out how Japanese automobile manufacturing company Subaru has a privacy policy – which people often do not care to read carefully – that gives the company the authority to record conversations and users' faces so they can sell that data to the highest bidder. And most likely, all the other car companies have the same policies too.
Under "Information We Collect" on the automaker's website, it indicates that within the past twelve (12) months, Subaru has collected personal information including identifiers which are real names, usernames or aliases, postal addresses, unique personal identifiers, online identifiers, Internet Protocol addresses, email addresses, account names, Social Security numbers, driver's license numbers, vehicle information (such as model and year), vehicle identification number (VIN) and vehicle telemetry data, among others.
The said brand's electric vehicles (EV) also have the capability and are allowed to take personal information categories listed in the California Customer Records statute; commercial information such as records of personal property, products or services purchased, obtained, or considered; browsing history or consumers’ interactions with a website, application, or advertisement; geolocation data including from connected vehicle services; audio recordings of vehicle occupants; as well as credit card information for optional services, such as Subaru Starlink. This just means that artificial intelligence activated in the EV can identify the users' voice and anything they say already belongs to the car company. Thus, they can sell this information. Worse, even if you are a passenger and were never asked, your data won't be spared.
"So if you want to have a private discussion about your political views, your children, your religion, troubles at work, intellectual property, discoveries, information that might affect stock prices, your thoughts on immigration, corruption, mention any medical issues you have, or affairs anyone you know has had, don't do it in an electric car," Nova said in the article, adding that the carmaker also had a disclaimer that they cannot guarantee that the information they are transmitting will not be intercepted by other parties.
The blog urged the public to opt out and the best way to do so is never to buy, drive or ride in a Subaru. The writer further warned: "If you're walking on the street when a car with exterior cameras or sensors drives by, you might get caught up in that data collection too." (Related: 3 Suspicious narratives behind the big push toward electric vehicles.)
Apart from direct manufacturer's surveilling systems, analysts have also brought up hacking concerns on electric vehicle systems. In July 2023, researchers from cybersecurity firm Kaspersky looked at 69 third-party applications used to control cars and found that 58 percent used vehicle owners' information without obtaining consent. Unofficial apps put vehicle owners at risk of data breaches that could lead to stolen credit card numbers, home addresses, or other personal information. They could also give hackers access to vehicle systems.
Cars can also be hijacked through software vulnerabilities. EVs use complex software systems to control braking, steering, acceleration and other crucial functions and weak security measures let threat actors take control of the vehicle's functions. If telematics systems, which provide remote services, collect data and monitor vehicle performance, are unsecured, hackers can exploit them to gain unauthorized access to a vehicle. Some EVs utilize OTA updates to patch their software, as an alternative to physical recalls. These remote updates offer convenience for drivers and allow for continuous improvements. However, they can also be targets for hackers.
Another way EVs can be hacked is via charging infrastructure, especially since the United States currently has around 57,500 public charging stations and most electric chargers are connected devices. IoT refers to the collective network of connected devices and the technology that facilitates communication between devices and the cloud, as well as between the devices themselves.
Public chargers often require an app or radio frequency identification card, which stores a user’s location data, IP address and other network usage information. Although charging station data doesn’t allow hackers to access the car itself, they can use it to hack electric vehicle owners' personal accounts. Home car chargers that let users remotely monitor their vehicles using an app can also give hackers access to home internet networks.
According to a Consumer Watchdog report, the vehicles found to be most vulnerable to hacking include Nissan Rogue, Chevy Equinox, Chevy Silverado, Tesla models, Honda CRV, Honda Civic, Toyota Camry, Toyota Corolla, Toyota Rav 4, Ford F-150 and Dodge Ram 1500. And although not all are electric vehicles, these cars and trucks have connectivity features that leave them vulnerable to hacking.
Nowadays, countries all around the globe suffer from software developer shortages. In fact, a major player in the EV sector, South Korea, lacks software professionals in nearly 70 percent of its companies.
Learn more about electric vehicles on RoboCars.news.