US Customs and Border Protection has found a way to scarf info from your smartphone; through our car. Cars have always been an easy mark when it comes to protecting data. But this is a new wrinkle in the clever ways to get your phone hacked. The feds and police can use some simple hardware and then they’re right into your phone.
Your car processes a lot of data
Your car processes a lot of data. Especially when it is syncing with your phone there is a lot of exposure. And all of that data gets stored in your car’s infotainment console or other CPUs that are used by all modern cars.
The feds are using simple hardware from a Swedish company called MSAB. Its “vehicle forensic kits” help cops extract data from phones. Hacking a car is so easy because most lack protection from data extraction.
Nobody thinks of cars as troves of data. You rarely even think about it. Only ever think about it if a “check engine” light comes on or other diagnostic info is needed. But the data in our phones flows back and forth between the phone and car.
“This technology can be applied like warrantless phone searches”
Juanita Gonzales with the advocacy group Mijente told the Intercept, “It would appear that this technology can be applied like warrantless phone searches on anybody that CBP pleases, which has been a problem for journalists, activists, and lawyers, as well as anyone else CBP decides to surveil, without providing any reasonable justification. With this capability, it seems very likely CBP would conduct searches based on intelligence about family/social connection, etc.”
Last year the CBP spent almost $500,000 for MSAB kits. Data like “recent destinations, favorite locations, call logs, contact lists, SMS messages, emails, pictures, videos, social media feeds, and nav history wherever the vehicle has traveled.” But there is more.
They can “identify known associates and establish communication patterns between them”
MSAB claims it can determine “future plans,” and “identify known associates and establish communication patterns between them.” In other words, info even we aren’t trying to access with our own phones. Just as concerning is that this data can be shared within law enforcement. So your local police might eventually get it, too.
But while the local grocery store has more concern for your data, the car manufacturers seem not to. They have known about this issue for years. But car companies have done very little has been done to protect smartphone info bouncing between your phone and car.
But if nothing else let this be a warning. Without you even considering it, your “protected” smartphone data is a trove of info outside authorities can Hoover up anytime they please. And the expense for retrieval is very small. Plus, it is perfectly legal and easy to get.