Once upon a time you sold your car, handed over the keys, log book, MOT certificate and pocketed the cash or bought a new car and thought no more about it. No longer. In today’s connected world – you may have just sold a computer on wheels.
As of late 2017 there were around 9 million internet-connected cars on UK roads. Most new cars have features that allow the owner to interact with the vehicle, even when nowhere near it. This varies from the ability to set climate control, through to uploading sat nav destination details and more. This information is then stored in the online account associated with the car.
This data is not the only personal information that remains with the car. For instance, phones that have been paired with the car should also be unpaired when the car is sold.
When selling an old phone or device most people would ensure that any personal data on it was completely wiped. The same principle applies when an internet-connected car is sold; it is generally the seller’s responsibility to disable the online account that they used with that car.
Many car manufacturers and dealers state this in their terms and conditions. However, some customers may not read them that closely and fail to delete their personal accounts and access. When the car is then sold on, the previous owner can track and monitor the car’s location and other data without the new owner’s knowledge.
The key message is to treat a modern car like any other connected device that is being sold: delete all personal data and disable the account that has been used with the car. Privacy is already seen as a key issue with phones, tablets, and laptops. Cars and other internet connected devices should also be added to the list.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.