New Ytest
Sign out
Bimmerpost
Login
BMW E39 5-Series Forum | 5Post.com
BMW Garage BMW Meets Register Today's Posts  
Go Back   BMW E39 5-Series Forum | 5Post.com > BIMMERPOST Universal Forums > General Automotive (non-BMW) Talk + Photos/Videos

Post Reply
 
Thread Tools Search this Thread
      12-18-2019, 06:55 AM   #1
Salty Dog
Captain
Salty Dog's Avatar
3579
Rep
885
Posts

 
Drives: Austin Mini,MBGLK, Porsche 993
Join Date: Nov 2019
Location: Canada

iTrader: (0)

Interesting article - What does your car know about you?

What does your car know about you? We hacked a Chevy to find out
Your car is likely collecting about 25 gigabytes of your data per hour — but ask automakers what they do with it all, and they clam up

by GEOFFREY A. FOWLER | 5 HOURS AGO

https://driving.ca/chevrolet/volt/au...vy-to-find-out

Jim Mason, a forensic engineer with ARCCA, helped us access and download the contents of our car's infotainment computer.Geoffrey Fowler / Washington Post

Behind the wheel, it’s nothing but you, the open road — and your car quietly recording your every move.

On a recent drive, a 2017 Chevrolet collected my precise location. It stored my phone’s ID and the people I called. It judged my acceleration and braking style, beaming back reports to its maker General Motors over an always-on Internet connection.

Cars have become the most sophisticated computers many of us own, filled with hundreds of sensors. Even older models know an awful lot about you. Many copy over personal data as soon as you plug in a smartphone.

But for the thousands you spend to buy a car, the data it produces doesn’t belong to you. My Chevy’s dashboard didn’t say what the car was recording. It wasn’t in the owner’s manual. There was no way to download it.

To glimpse my car data, I had to hack my way in.

Spilling our Chevy Volt’s secrets

Jim Mason hacks into cars for a living, but usually just to better understand crashes and thefts. The Caltech-trained engineer works in Oakland, California, for a firm called ARCCA that helps reconstruct accidents. He agreed to help conduct a forensic analysis of my privacy.

I chose a Chevrolet as our test subject because its maker GM has had the longest of any automaker to figure out data transparency. It began connecting cars with its OnStar service in 1996, initially to summon emergency assistance. Today, GM has more than 11 million 4G LTE data-equipped vehicles on the road. I found a volunteer, Doug, who let us peer inside his two-year-old Chevy Volt.

Modern vehicles don’t just have one computer. There are multiple, interconnected brains that can generate up to 25 gigabytes of data per hour from sensors all over the car. Even with Mason’s gear, we could only access some of these systems.

This kind of hacking isn’t a security risk for most of us — it requires hours of physical access to a vehicle. Mason brought a laptop, special software, a box of circuit boards and dozens of sockets and screwdrivers.

We focused on the computer with the most accessible data: the infotainment system. You might think of it as the car’s touch screen audio controls, yet many systems interact with it, from navigation to a synced-up smartphone. The only problem? This computer is buried beneath the dashboard. After an hour of prying and unscrewing, our Chevy’s interior looked like it had been lobotomized.

(Don’t try this at home. Seriously — we had to take the car into a repair shop to get the infotainment computer reset.)

It was worth the trouble when Mason showed me my data. There on a map was the precise location where I’d driven to take apart the Chevy. There were my other destinations, such as the hardware store I’d stopped at to buy some tape.

Among the trove of data points were unique identifiers for my and Doug’s phones, and a detailed log of phone calls from the previous week. There was a long list of contacts, right down to people’s address, emails and even photos.

Infotainment systems can collect even more. Mason has hacked into Fords that record locations once every few minutes, even when you don’t use the navigation system. He’s seen German cars with 300-gigabyte hard drives — five times as much as a basic iPhone 11. The Tesla Model 3 can collect video snippets from the car’s many cameras. Coming next: face data, used to personalize the vehicle and track driver attention.

A privacy policy only a lawyer’s mother could love

My volunteer car owner Doug asked GM to see the data it collected and shared. The automaker just pointed us to an obtuse privacy policy. Doug also (twice) sent GM a formal request under a 2003 California data law to ask who the company shared his information with. He got no reply.

GM spokesman David Caldwell declined to offer specifics on Doug’s Chevy, but said the data GM collects generally falls into three categories: vehicle location, vehicle performance and driver behavior. “Much of this data is highly technical, not linkable to individuals and doesn’t leave the vehicle itself,” he said.

The company, he said, collects real-time data to monitor vehicle performance to improve safety and to help design future products and services.

But there were clues to what more GM knows on its website and app. It offers a Smart Driver score – a measure of good driving – based on how hard you brake and turn, and how often you drive late at night. They’ll share that with insurance companies, if you want. With paid OnStar service, I could, on demand, locate the car’s exact location.

The OnStar privacy policy, possibly only ever read by yours truly, grants the company rights to a broad set of personal and driving data without much detail on when and how often it might collect it. It says: “We may keep the information we collect for as long as necessary” to operate, conduct research or satisfy GM’s contractual obligations. Translation: pretty much forever.

It’s likely GM and other automakers only keep just a slice of the data cars generate. But think of that as a temporary phenomenon. Coming 5G cellular networks promise to link cars to the Internet with ultra-fast, ultra-high-capacity connections. As wireless connections get cheaper and data becomes more valuable, anything the car knows about you is fair game.

Disconnecting in today’s connected age

GM’s view, echoed by many other automakers, is that we gave them permission for all of this. “Nothing happens without customer consent,” said GM’s Caldwell.

When my volunteer Doug bought his Chevy, he didn’t even realize OnStar basic service came standard. There is no button or menu inside the Chevy to shut off OnStar or other data collection, though GM says it has added one to newer vehicles. Customers can press the console OnStar button and ask a representative to remotely disconnect.

What’s the worry? From conversations with industry insiders, I know many automakers haven’t totally figured out what to do with the growing amounts of driving data we generate. But that’s hardly stopping them from collecting it.

The infotainment computer of a Chevrolet is connected to additional hardware to copy over its contents to a laptop. Geoffrey Fowler / Washington Post
Five years ago, 20 automakers signed onto volunteer privacy standards, pledging to “provide customers with clear, meaningful information about the types of information collected and how it is used” as well as “ways for customers to manage their data.” But when I called eight of the largest automakers, not even one offered a dashboard for customers to look at, download and control their data.

GM’s privacy policy, which the company says it will update before the end of 2019, says it may “use anonymized information or share it with third parties for any legitimate business purpose.” Such as whom? “The details of those third-party relationships are confidential,” said Caldwell.

There are more questions. GM’s privacy policy says it will comply with legal data demands. How often does it share our data with the government? GM doesn’t offer a transparency report like tech companies do.

Are any carmakers better? Among the privacy policies I read, Toyota’s stood out for drawing a few clear lines in the sand about data sharing. It says it won’t share “personal information” with data resellers, social networks or ad networks — but still carves out the right to share what it calls “vehicle data” with business partners.

Until automakers put even a fraction of the effort they put into TV commercials into giving us control over our data, I’d be wary about using in-vehicle apps or signing up for additional data services.

If you’re buying a new vehicle, tell the dealer you want to know about connected services — and how to turn them off. Few offer an Internet “kill switch,” but they may at least allow you turn off location tracking.

Or, for now at least, you can just buy an old car. Mason, for one, drives a conspicuously non-connected 1992 Toyota.
Appreciate 0
      12-18-2019, 08:21 AM   #2
VisualEcho
Banned
VisualEcho's Avatar
United_States
6659
Rep
4,143
Posts

 
Drives: '18 M2 6MT
Join Date: Sep 2019
Location: Missouri

iTrader: (1)

Garage List
2018 BMW M2  [10.00]
Big Brother's little brother. The future is now.
Appreciate 0
      12-18-2019, 08:34 AM   #3
Deveau
Registered
0
Rep
1
Posts

 
Drives: F20
Join Date: Dec 2019
Location: Kent

iTrader: (0)

25 GB of data per hour? They better have large storage packages. haha
__________________
People strongly suggest electric log splitters because they're amazing.
Appreciate 0
      12-18-2019, 09:41 AM   #4
GuidoK
#buildnotbought
GuidoK's Avatar
13494
Rep
5,436
Posts

 
Drives: Z4 3.0i ESS TS2+
Join Date: Jul 2012
Location: Tinkering in the garage

iTrader: (0)

Quote:
Originally Posted by Deveau View Post
25 GB of data per hour? They better have large storage packages. haha
They generate 25GB of data. That doesnt mean it stores all that data for forever.
That number is taken -if I understand correctly- from the bandwith of the interconnecting bus topology between the multiple computers, or, what data the sensors generate. So how much times per second the speedo updates or the abs wheel sensors are being read, the crankshaft sensor is being read etc etc etc.

But that sensor data is being kept is no secret and has been going on for at least a decade. For porsches it's common knowledge that the amount of redline the engine has seen is stored (and probably a lot more parameters, to see how the car has been treated in case of warranty or tuning), but for BMW this has also been going on for ages.
At BMW they call this FASTA data, and every time your car goes into a dealership and gets hooked onto a computer, that data is uploaded to bmw.
At least if they use ISTA software or newer (which all dealerships do).
You can see this on the screen that FASTA data is transferred.

This is a screenshot of FASTA data from the manufacturer POV (so you can't see this from the ISTA computer itself, but BMW can see this), and this is from a 2008 car, so not particularly new.... (E9x m3):
__________________
Z4 3.0i | ESS TS2+ supercharger | Quaife ATB LSD | Brembo/BMW performance BBK front/rear | Schrick FI cams | Schmiedmann headers+cats | Powerflex/strongflex PU bushings | Vibra-technics engine mounts | H&R anti rollbars | KW V3 coilovers/KW camber plates | Sachs race engineering clutch | tons of custom sh#t
Appreciate 0
      12-19-2019, 03:34 PM   #5
fastboatster
Captain
423
Rep
958
Posts

 
Drives: 2009 bmw 328i
Join Date: May 2019
Location: CA

iTrader: (0)

That’s quite different from storing and transmitting location data. AFAIK, in that article, the car was transmitting data to the manufacturer in a real time. With stored diag data, you can just choose not to go to the dealer. Imo, it’s great that number of times car saw the redline is stored - helps to cut the sellers bullshit about car being babied.
Appreciate 0
      12-21-2019, 11:21 AM   #6
hufington
Lieutenant Colonel
hufington's Avatar
United_States
4309
Rep
1,624
Posts

 
Drives: 2022 X5 m50i
Join Date: Mar 2010
Location: North East

iTrader: (0)

Garage List
It seems like there is no real "consent" as they can collect as much and then do whatever they want with the collected data as long as they want, that includes selling it to third parties for business purposes. The customers are fair game!
__________________
2022 BMW X5 m50i
2024 MB S580
2025 RR SV Edition 2 on order
'18 X5 50i / '16 BMW F10 550xi / '13 BMW F10 535i / '07 BMW E64 630i / '03 BMW E65 745i / '95 BMW E34 540i / '89 BMW E30 M3
Appreciate 0
      12-21-2019, 08:37 PM   #7
The Wind Breezes
Lieutenant Colonel
919
Rep
1,848
Posts

 
Drives: 135i N55 DCT
Join Date: Apr 2015
Location: USA

iTrader: (0)

Reality is determined by power and in comparison to the companies we "serve" consumers have very little. Get used to it! It will only get worse.
Appreciate 0
Post Reply

Bookmarks


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 09:25 PM.




5post
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST