Cyber Security & Cars

Tech Transforms Podcast - Hosted by Carolyn Ford for sponsored by Dynatrace

Global technology is changing the way we live. Critical government decisions affect the intersection of technology advancement and human needs. This podcast talks to some of the most prominent influencers shaping the landscape to understand how they are leveraging technology to solve complex challenges while also meeting the needs of today's modern world.

Contact: Tech Transforms Podcast at Visit Online!

       

• So WHAT? – That’s the Tech Transforms segment; so why are we here?
• Let’s talk cyber security and cars!
• I attended a conference years ago where a woman cyber expert was preaching to deaf ears about syncing/connecting mobile devices to rental cars, and how folks can gain access to that, even after the car has been sent to the junk yard.
• The Jeep/Chrysler hack via the cell system, but it’s now a great conversation about “security through obscurity”
• Food for thought –  what about all the new EV and the gadgets, gizmos, autonomous driving… aka Johnny Cabs. Are we making this worse for ourselves? 

and much, much more!

[00:00:00] Gran Touring Motorsports started as a social group of car enthusiasts, but we’ve expanded into all sorts of motorsports disciplines, and we want to share our stories with you. Years of racing, wrenching, and motorsports experience brings together a top notch collection of knowledge and information through our podcast, Brake Fix.

Many people will agree that moving public services to general availability is a good idea and creates mass convenience. But it also opens up new attack and data collection vectors in places we had never expected. Data systems that we take for granted each day as we move more and more connected services and devices to the cloud.

This means as cybersecurity professionals, we must remain vigilant about how we protect these tools, services, and even our automobiles. Which have a direct correlation on protecting individuals, families, and their privacy. Did your Bluetooth earbud connected to your phone just make your car open to an [00:01:00] attack?

Welcome listeners to a spine chilling episode of the Tech Transforms and Brake Fix podcast. So what crossover. This is the third and final episode in our three part series, where we’re exploring some of the spookier, creepier, and crazier sides of technology. If you missed our previous episodes, we have linked to them in the show notes, so be sure to check them out.

Today, we have a hauntingly important topic to discuss. The intersection of cybersecurity, car hacking, And the Ghostbusters mission. I’m Carolyn Ford, your host, and with me are the spook busting co host Tracy Bannon. Hi, Trace. And we’ve got the one and only crew chief, Eric. Hi, Carolyn. It’s good to be back on Tech Transforms.

Last time we saw you, we were talking EVs. This is a great opportunity to continue that conversation. Yeah, it is. And have a better understanding of why cybersecurity is important, why data [00:02:00] protection is crucial to our everyday success. That’s what we’re going to chat about on this special crossover episode.

So let’s get going. Eric, I’m going to kick off with the first question to you. Sure. Let’s talk about ghosts in our cars. What, if any, are the cyber security challenges in today’s cars? Are there any that you find particularly frightening? So when you look at an automobile, everybody kind of thinks of it as if it was an appliance, right?

It’s like, well, I put my clothes in the washing machine. I hit a button and they pop out and they’re washed. I get in my car, I turn the key. It drives me the places I want to go. But cars have been an evolution in engineering since the early 1900s, even the late 1800s for that matter. And up until the 2000s when computing technology got more powerful, like we talked about on our first crossover episode in both of our season ones, where there’s these ML and AI computers inside, they’re making decisions about how the engine should run and this and that and how systems interact with one another.

As we brought in [00:03:00] more creature comforts and made things more complicated, we’ve actually opened vehicles up to being susceptible to vulnerabilities and attack. As we get closer and closer to EVs having more and more market saturation. We’ve introduced even more problems because we’re even more dependent on electrical systems and digital systems and over the air updates and all these kinds of things that older cars just don’t have.

And they’re not susceptible to, for me, that’s a scary reality. And it actually has shied me away from buying the newest of the new cars, even though there are some really exciting things out there, because what am I opening myself up to if I buy a Ford Mach E or a Tesla model three or something else?

Well, it depends if you are buying a U S made car from a traditional manufacturer. They have come out and said, I think it was about six weeks ago. They came out with a report that said, we’re not Tesla. We have components from hundreds of different distributors from hundreds of different providers, and they were not created to go with one another.

Or if they were, they were not created under one [00:04:00] umbrella. So you’re buying piece a knitting together with piece B, PC, PC. The problem with that and the differentiation from Tesla is that Tesla has created everything under an umbrella and told anybody who’s providing any part for them, what are the requirements and how are you going to align to exactly what we need?

So there’s a holistic aspect to a Tesla that I would assert. Would make it more secure as opposed to less secure. If I’m cobbling together or piecing together lots of pieces from different organizations, I’m going to be able to get after many more holes. That’s a fair point, but disparate systems talking over a common bus over a common language sharing information is a little bit different than a proprietary system that someone has full access to over the air.

So when you compare a Tesla to a Porsche, yes. Porsche’s in bed through Volkswagen Audi group with Bosch and Bosch supplies a lot of the, let’s say, electromechanical parts that run the system in general from engine sensors to the MFI, the multifunction interface that’s running your radio and all those kinds of things.

They [00:05:00] talk over what’s known as a CAN bus. It’s a backend electrical system that lets those disparate systems talk to one another. But Tesla, there’s been reports and there’s been investigations showing that. They can turn on the cameras inside the car and see what you’re doing. They’ve been spying on people.

There’s been all sorts of allegations that have been thrown out there. So it’s a closed system that’s completely open because I can touch every sensor, every camera, every piece of it versus in a Porsche. It’s harder to hack the motor than it is to hack the radio, right? Because they aren’t necessarily talking to one another.

So there’s good and bad on both sides. There are almost different attack issues or different threat models that we’re talking about. If you have a holistic system and a nefarious actor gain access to that, do they suddenly get access to everything? Versus I believe what is a much more difficult to detect vector that comes in through one of those components.

Yes. We’re talking about there’s the over the air aspect to it. Although other cars now, it’s not just Tesla that has updates over the air. There are other cars that are making updates over the air. I would ask about whether you’re serious on [00:06:00] star, all of the other areas where they can gain access to your car.

We have to think about many, many, many different attack vectors. So I don’t know if we can say that. One is better than the other. I think that the attack surfaces, the attack vectors are very, very different. And so we have to start to think about as the end user, how do I protect the owner of the car? How do I protect them first and foremost from privacy invasions and from nefarious actions?

So I want to protect them first and then figure out is over the air, a good thing, a bad thing. I always need to go into a mechanic. Are they going to send me now a module that I plug in myself? Like, what are those other alternatives? If we were to isolate them from over the air updates, I want to jump in our DeLorean and go back in time about eight years ago.

It was at either black hat or DEF CON. They hacked the Jeep. So you remember this. Can one of you like talk us through exactly what happened? Cause this is where I was like, Oh, this isn’t just abstract. Oh, we might be able to do this. We might maybe this or that, like they hacked the Jeep. They took it over.

So [00:07:00] Eric, you want to walk us through exactly what happened? I can speak intimately to this because I own one of these vehicles. In today’s day and age, you’re talking eight years ago. That was 3G wireless technology or cellular technology. Now it’s secure by obscurity. So I don’t have to worry about it as much.

But yes, they were able to hijack The cellular signal coming out of the Jeep, which was used for over the air updates and a primitive system that Chrysler had put together, and they were able to basically turn the car off. It couldn’t do too much as you weren’t going in there and reprogramming or remapping the engine or any of its fuel parameters or anything like that.

Those systems are protected. That’s a Bosch system in the Jeep. So they weren’t able to hack that, but because you’ve got the remote key fobs and the remote start and the, you know, this and that, and all these wonderful creature comforts that we’ve become used to, those things are susceptible. So. over the air, got in and were able to turn the Jeep off while it was running.

It’s like, holy cow, you know, the equivalent of me hitting the ignition button while going down the road. So while they’re driving down the road, the Jeep just got shut off, just dead in the [00:08:00] water. Correct. Which has its own ramifications, right? Yeah. So let’s get back in the DeLorean and come back to the future.

They were able to just turn it off. You said they couldn’t do too much. Theoretically, what can they do now? Not too much. And part of that is because, especially in the case of Chrysler, which at that time was owned by Fiat, now part of the Stellantis Group, a mega merger that’s occurred over the last couple of years.

Luckily, unlike a Volkswagen system where the ECU that runs the engine is unencrypted, the Chrysler systems are Fully disc encrypted. So you can’t actually hack into the transmission module, power train module, or the ECU that controls the engine. And that’s why the hackers could only get so far, but that ignition button being digital, not a physical key, they were able to circumvent that.

And turn the system off. Yeah. You could go in and mess with other settings through the Uconnect, which is the MFI or multifunction interface that runs a radio, things like that, because that’s basically, let’s call it an Android based system that’s running in the vehicle. So there’s ways to get into that.

You have to remember [00:09:00] platforms like that were designed. Not eight years ago, three years prior to that, because it takes three to four years to get a car to market. So what technology were they leveraging in 2013? Well, it was 2010 technology. So maybe not patched as we would be patching them today, or maybe not even as sophisticated as they are today.

Although. They’re not designed to the same level as a smartphone. They’re designed to operate for 10 years without any trouble to be trouble free and to be reliable. So they’re very simple embedded systems, which again, people aren’t thinking about how can I hack that? Looking at some information, just throwing some data points out right now, the average new car has over a hundred computers, a hundred little modules, embedded pieces in it.

So a hundred of those things, millions of line of software code, and they’re all networked together. But it falls into a couple of different categories. So just putting this out there to help people wrap their brains around it. Cause we are hopping over so many different nefarious areas. You’ve got the things that you’ve talked about, the drive train, controlling the fuel, the battery monitoring emissions.

So like one group, [00:10:00] it’s another category, which is about providing safety. So this is the thing that’s outside the car. Automatic braking can be a part of that backup monitoring. The third gets into the cool stuff, which is the fun stuff, the infotainment. And I would say that this is probably an area that would be.

Highly hackable because this is getting into cellular services and wifi connectivity and wifi hotspots being provided by the car itself, you know? And another is getting after the need to communicate between all of those. So there’s kind of that fourth area of having that network inside the car as a data center, right?

With all of the connectivity between it. So there’s just so many opportunities to hack into it. Well, it’s a nefarious actors dream world, right? To your point, even if we think about things that are not related to the car, if we think about simple things like that button remote, whatever that button remote is too, you remember about eight or 10 years ago, people were driving around and they were searching out, you know, other people’s wifi so they could get to their wifi or searching out their RFI, searching out whatever they could, searching out their [00:11:00] Bluetooth.

That’s still happening, but now we’re not driving by a house or going into an apartment building to try and get signal right to hijack somebody signal and ride piggyback. Now we’re thinking about what can we do nefariously with that car. If you think about the bad actors who want to hack into a car.

They’re not doing that simply to steal your data. We’re talking about life and limb when it comes to hacking into a car. You’re 100 percent right because of what could be done, especially on these newer interconnected platforms in EVs where everything is controlled by, even though there’s individual subprocessors doing things, it’s one mega mainframe inside of that Tesla or that Mach E or that Porsche Taycan or whatever it is.

It’s not like the old days where, say circa mid 2000s. Engines were still separate from infotainment. Infotainment was still separate from what they called the convenience or comfort package, which was the alarm system and a lot of other features of the car. Now they’re all fully integrated because you joke about even cars in the nineties.

It had eight different computers in that Cadillac to [00:12:00] run these different components. Now it’s one mega computer that can do all of it. By consolidating, you’ve made it easier to interact with those systems like we’ve been talking about here, but more importantly, I am so happy you brought up these additional attack vectors.

We have to stretch people’s understanding a little bit here, and it’s not something that we’re imagining. We’re trying to put FUD into the universe. It’s real. And I’m so happy that General Motors and Ford through their Lincoln division stopped it. Putting in wireless hubs in their cars because adding internet access, so you can plug in your laptop on the go and your passengers can do all this kind of stuff.

Oh my goodness. Talk about opening the floodgates at that point. I mean, low E Bluetooth is bad enough, let alone the wifi that they were adding in these cars. So you don’t see that feature anymore. No, but it was fun a couple of years ago to be driving down the highway. And it’s usually my husband driving and me tapping away at the light and connecting to wait, Oh, can I connect?

Can I connect? I don’t know why [00:13:00] that’s so bad. Sorry. It sounds good to me. It’s sort of like turning up the wick on your home internet and then broadcasting to everybody on the planet that your Wi Fi is wide open with no password. Right, drive down the highway and I connect to you. And you’re in the car beside me and I’m connecting to your car.

I’m not connecting to my car. That’s great, but I can get that to my hotspot. So I don’t need my car to do it for me. So you’re using my internet. What do I care? If your home was infiltrated, it’s the same way. Your house has just been hacked. Somebody’s using your internet. But think about this. Now, if the cars are talking to one another, or you’ve got a nefarious person in the passenger seat of that Uber, he just downloads a virus onto your car, and you’re a brick in the middle of the beltway.

There we go. Now we’re getting spooky. Eric, I read an article that you wrote. To be honest, I didn’t follow it entirely, but the gist of it was… Don’t connect your iPhone to rental cars. Tracy’s like, yes, why would you do that? I get a rental car every week, every week. I get a different rental car because for [00:14:00] one day a week, I traveled either to DC or to New York, get a car.

When I get in, I can see all of those other passengers who have synced and allowed their contacts to be downloaded. So when you connect your phone, wonderful to Apple play, let’s say I’m now opening the door. For it to use all, now I love to use Apple play so I can get a bigger display of what I’m doing.

Yeah. I don’t allow it to touch my contacts. I don’t allow it to sync any of my prior calls. So can you do that? Like when you connect, you can say only do my nav system. Well, depending on the version of Apple play. Yes. And I also only use the cable. Most of us aren’t that sophisticated. I mean, we need to be able to just say, yep, connect.

But we have to be. So I like what Tracy said, that she only uses a cable. I’m old school like that too. Turn off that Bluetooth. You’re less susceptible, even if it’s low E Bluetooth, all that kind of stuff. But there’s another piece to this. Not only is it contacts, it’s your GPS history. And one of the things that will pick up is that simple little word home.[00:15:00]

And think about this, a rental car is not designed differently than your passenger vehicle. It starts life as a passenger vehicle. So the way General Motors or Volkswagen or Toyota is building them is. For the convenience of that lone driver or that family to say, yeah, I’m going to sync up my phone. I’m going to use the nav system.

I’m going to use all these creature comforts that are specific to you, but in a rental car, it’s public information. So now how many homes are listed in there? And if I was somebody nefarious and go, well, let me go to the last person that’s closest to me. That’s home. Now I can figure out where you live.

Case your house. I’m in a rental car, which is nondescript doesn’t belong to me. Anyways, if you trace my tag, it goes back to Hertz or enterprise or whoever. Like you can really snowball this stuff. If you’re not careful. What if I delete my phone? When I turn the car back in, like I say, disconnect. It still has my data.

Disconnect is one thing, but you have to purge the system. And so that data is cached there from the last time it synced with your phone. So you have to be very careful of that. But there’s another [00:16:00] piece that people forget. Oh, I got rid of my car. I traded it at a dealership or I gave it to, you know, Salvation Army and it went to the junk.

That one’s a good one. The junkyard. Well, guess what people that are pulling head units, whether it’s me, that I need a spare one for my Jeep, because I got to replace it, or if it’s the junkyard, that wants to resell it, that data is still written on the device. If it hasn’t been purged. So the minute that simple system fires up, I now have access to all your contacts and where you live and everything else that was added to the vehicle.

This is the reason that my husband is ops to my dev. This is why he doesn’t throw away hard drives. After they’re demagnetized and degausses them, then there are some things that he does to take pieces apart so that people cannot capitalize on it. Because if you even think that you have erased your hard drive and throw a hard drive out, you put it out in the curb for the trashman to take away if your district does that, or if you take it to the local collection, people can get after the data that is there, the things that have been saved.

So it’s the same mental model. Don’t leave an electronic trace [00:17:00] behind. Yep. And if you are going to have anything that is made a public, how can you reduce that and anonymize it? Don’t click home. You could type in your address, but never in a rental car, go into your apps, go into your navigation app and click home because you have now to your point just broadcast.

Exactly where you live short of the fact that we don’t use hard drives and cars anymore. There are still some disk space systems out there, some legacy stuff floating around. Everything’s on chips. We know that forensics has gotten very sophisticated these days, and the data can be reconstructed with careful consideration and tooling.

So short of hitting the car with an EMP to basically wipe out every chip that’s on it, you have to be very, very careful. I would say this. If I was going to get rid of a car, I would probably have none. I’m not going to say a burner phone, but a dummy phone that I would re sync, purge, re sync, try to do a multiple rewrite because I can’t zeroize the system.

That’s on my personal vehicle. But [00:18:00] on a rental car, my recommendation to everybody is do not sync your phone to the car, especially over Bluetooth. But okay to use the cable. Use a cable. Now, here’s the other thing. I’m probably even more old school than Tracy in this case. I travel with a physical GPS. I have my own private Garmin.

I have all my stuff saved on there. Plug it into the cigarette lighter. The car doesn’t know anything about anything. Not only that, I don’t want to pay the money that Hertz charges, you know, the rental fee for a GPS. I like being offline because those systems are designed to work without cellular.

They’re designed to communicate one way with the satellites in the sky and say, here’s where I am, here’s where you’re looking to go. End of story. And they work here, they work in Europe, they work everywhere. And I don’t have to be tied to my phone and making all that work. Now I know people are going, Oh, well, I want to get my music and I want to get my podcast.

And I can’t listen to you if I’m not connected to the car within reason, right? So you can, you just made me think that I need to get down to our basement as a full size of our house. And it is filled with way too much hardware, but I know that [00:19:00] there’s a box that has our tampons and our garments. I hadn’t thought about that one.

I really liked that idea of simply taking that because. I just need to know where to turn in a city that I haven’t been in before. For me, that’s all that I need to know. Now I’m not going back to MapQuest and printing it out though. Most of us aren’t going to do that. Like you’re just making me tired all over.

Just hearing this, I’m going to give you the same argument. You guys have heard this a million times. It makes me cringe. Well, I have nothing to hide. Nobody’s gonna. Who would care where I’ve been or my data or blah, blah, blah. I’m hearing this from my family because we’re just ordinary people. Like who cares?

Okay, I’ll give you a prime example here. I wrote another article a couple of years ago, specifically for my mother in law, who we had this exact argument. And I said, I’m going to take something as simple as your license plate number. Show you, I can get all sorts of information about you, even though the D M V is supposed to protect us and all this kind of stuff.

So I reverse engineered through an ad. I actually saw in TrueCar using their system as an automated evaluator for selling the car and trading in and what should I [00:20:00] get, like Kelley Blue Book value for the vehicle And I worked backwards from there and the information it gave me about the vehicle, then I was able to take that and reverse engineer it into another public access database.

And finally end up in places of public record saying, Well, this is where you live and this is that, and this is other information and blah, blah, blah. And here you go, here’s a full report on you. And it took me maybe an hour to figure all that stuff out. I’m not doing that every day. It’s not my job to be that ethical hacker, but there’s people out there that are doing this and it’s something as simple as that six or eight digit license plate number can give you access to all sorts of.

Okay. So to Carolyn’s point, because we are doing like this wonderful whack a mole firing across the universe of all of these nefarious things that can happen with a car. What you’re talking about, Eric, is another kind of social engineering, leveraging a license plate to be able to find out more about somebody.

But Carolyn, it depends on what the goal of the nefarious actor is. What if I had a crush on a beautiful woman that I met at the Dubliner in DC? I might want to find out more about her. I may want to find out where she lives, where she’s been [00:21:00] traveling, follow her habits. I probably might do that through a car.

It’s going to be less traceable than trying to follow your phone. So what, what am I after? Maybe I am after getting into some of your financial information and I want a social engineer to get there. How much can I get from your contacts? Maybe you have saved your bank information as a phone contact. A lot of people do that.

It depends on what that nefarious actor The thing I’m most scared about is actually the bad guys want to take control of the physical car, you know, accelerate it or stop it. Right. As opposed to damaging my privacy. We’re not seeing a lot of that yet. We’re not seeing a lot of that yet. Are we seeing it at all?

I believe we’re going to see bits of that on the horizon. Wait, wait, wait. Have we actually seen this in real life? As we go deeper into what’s known as fly by wire, where you have electronic throttle control, electronic braking, electronic steering assist, all these kinds of things, where you add the word electronic as a convenience rather than mechanical or hydraulic, you suddenly open the world up to more issues.

So you know which car [00:22:00] isn’t hackable? The car with hydraulic power steering, hydraulic brakes, and you run the throttle by a cable. You can’t hack that. So what you’ve just said is, I need a 1967 Mustang convertible. Yep, that’s what you just said. Or a 1985 Fox Body Mustang is still going to be in that same boat.

I have to look. I actually have an 88 Mercedes and that was right at the cusp when they started to add in a lot of electronics. So I have to look and see. I have never bothered to check because it’s just a summer ice cream car. Luckily your Mercedes is pre OBD2. So it’ll be an OBD 1 car. OBD 2 was introduced in 1993, and that’s where the floodgates really opened up.

That’s where they realized the potential of systems. They could integrate the CAN bus system. All that OBD 1 is still sort of like pins in the old computer boards, where you lose one pin and nothing works, but you can easily trace that electrical gremlin, the systems are still way more electromechanical.

Then they are digital, like in the later cars in the, in the mid [00:23:00] nineties and beyond. This is also why when you go to admissions these days, any car older than 1993, doesn’t go to admissions anymore because they don’t have a way to test it. There’s no way to read it with a computer. That’s another thing you plug in your car, at least in the DC area, every two years into a government computer system that they’re reading all sorts of data.

You don’t know what they’re even pulling down. And I don’t want to get into that, but it’s a real thing that’s happening. But let’s add another tangent on this just to scare the bejesus out of Carolyn. Now there are insurance companies and that are offering to you a little plug and you put it in. And it’s a way that they’re capturing your driving information, not saying that ways or Google maps or other things are not capturing how fast you’re going and where you’re going to.

But it’s capturing your driving and what they’re doing is you are actually approving them. You’re giving them access to that data so that they will lower your rate because you prove to them that you’re driving under a certain, you know, under certain thresholds. I’m always at the speed [00:24:00] limit or below. I haven’t been in any kind of fender benders.

The car hasn’t had any jolts. So in those cases. You’re actually approving somebody to get into your Wheaties and to know all your business. Yes. So Allstate and Progressive were doing that for a while. It was a dongle you actually plugged into the OBD2 port that would then transmit data back. And I was always like, yeah, I’ll pass.

Thank you very much. Correct. That’s where I was. And I didn’t even want it for my kids. I’m like, I want to know how fast they’re driving, but I really don’t want anybody. And our family’s Wheaties. So everybody out of my data pool. And one of the funniest stories, and this will be included in our show notes, actually comes from a racetrack experience with one of our previous guests, Andy Pilgrim, and it’s hilarious.

He’s test driving for a magazine, one of the brand new Corvettes and he’s on track. And OnStar keeps calling him saying, sir, we see that you’ve been in an accident. And he’s like, no, I’m fine. I’m, you know, I’m on a racetrack and he’ll hang up on him and then they’ll call back and they keep calling back.

And they’re like, sir, it says the car is upside down. He’s like, no, I’m on a racetrack. And you can see all the GoPros that he’s [00:25:00] out there testing this new Corvette. And he’s so funny about it. And so nice about it, but they’re like, just stop calling me for the next hour, because the car is. Fine, right? But all the G sensors, all the motions, all the suspension information was being sent to OnStar and they were getting a false positive that this car had been in a wreck.

Think about that. Then suddenly the cops show up or they’re chasing you or, you know, again, somebody is being dispatched. What if we get to a place where Big Brother’s like, no, you’re going too fast. We’re going to shut you down. It’s on the horizon. And think about that. He was on track at 150 miles an hour testing this Corvette and they shut him down.

And now he loses brakes. He loses everything because the car is off. That’s a dangerous situation to be in. But nowadays, to your point, Tracy, they’ve integrated a lot of that stuff into the cars directly from the factory. And there was a report. I mean, it’s hot within the last couple of weeks. They came from all places in Mozilla that I didn’t expect from.

It’s not one of my normal venues to grab automotive information, but they approached it from the cybersecurity perspective to talk about all the data that’s being collected in the car that [00:26:00] you’re unaware of, your braking points, how long you’re braking, you know, how you’re steering, how fast you’re going.

All those kinds of things are now being recorded in the more modern vehicles, especially these EVs, but the part that got scary, and I’m going to read this right from the article. It says they can collect deep personal data, such as sexual activity. What? Immigration status, race, facial expressions, weight, health, and genetic information while you’re driving.

Wait, how? Do you guys believe that? I do. Yeah. Yeah. How? I believe it. Well, every time you put a camera somewhere, you have the optical facial recognition software that can be manipulated. Immediately. Even if you’re streaming it. Remotely back to a data center somewhere in the cloud, you know, that data can be processed.

The weight and the health and that information is as simple as the digital wristwatches that everybody’s wearing. They can put those sensors in the seats. Think about it when you got in a car and if you put a heavy grocery bag on the passenger seat and it starts barking at you that you need to plug the seatbelt in and all that because of the airbag system, those [00:27:00] sensors are already there.

I was driving a car last week and I thought I was paying pretty good attention. But I had on all of the collision avoidance, we call those nannies. Yeah, well, you need to pull over, you need to get a cup of coffee. You need to pull over driver alert signal. So that type of thing, how is that being captured?

How is that going to be used? Right? There’s a lot of information that’s being captured about your. Behaviors by that car and we need to understand what the manufacturers are doing with it. Does it stay within the car or is there a possibility of that data being propagated out? Is it reporting that data back to Hertz or Enterprise?

So why do they want all this data? I have ideas. You tell me Tracy, why do they want it? Well, the optimist says, looking for trends to help keep us healthy, the pessimist says control. And the engineer in the room wants to collect data to build a better mousetrap, because if I think about it from a motorsports perspective, Control.

Well, it’s not necessarily control, it’s evolution. I don’t want to control the vehicle. What I want to know [00:28:00] is stopping distances. For an example, how much pressure is being applied? How fast is the car slowing down? Looking at the driving habits. This is no different than analyzing a race car’s driver’s performance.

They’re getting real world data from the car. So to Tracy’s point, to make things better for us. So where my mind went was. Data is the new oil, all that data is just building more advanced. It’s used to feed the AI engine that we can, there’s all kinds of scary that we can talk about on another episode.

That’s where I think, and probably one of the prime reasons that they want this data. And that’s where I track it back to. I just use the word control, Eric. Yeah. As an engineer, I want to collect everything that I can at all times. And. As somebody who’s been around the block for a while, I also know that data privacy is of utmost importance, especially the work that I do with government.

So that has allowed me personally to be a little bit more balanced about what I collect. I’m going to send us down a different avenue for a minute and just get your thoughts on the infrastructure bill that [00:29:00] includes a little bit of breathalyzer on the horizon for the U. S. Have you been following this?

Yeah, I’ve actually met different companies that have engineered those systems, how they’re integrated into the computers, how they work. We’re actually supposed to have one of them on the show to take a deeper dive into how that technology really works. And to your point, it’s going to be integrated into the HVAC systems, almost stealthily on a lot of cars.

I know GM is a big proponent and bringing those systems into their vehicles in the future, but it’s going to become standard issue. Like. Power windows and remote locks and things like that, where you’re not even going to be able to drive and operate a vehicle if it senses that you’re in any way inebriated or under the influence, I’m kind of okay with that.

And it really just. Works for alcohol until, and this is an extreme, it becomes an issue of maybe violence or a theft or a desperation where you’re like, I have to get home. So now I stole my neighbor’s car because it’s older, you know, even, you know, those kinds of things. Like, you [00:30:00] could extrapolate all sorts of use cases from this, but the immediate reaction is if you can’t drive home, you’re going to get angry.

And does that become violent? Does it become physical? Does it just become Call an Uber. Well, yeah, but you put someone behind the, in a car drunk. Now, all of a sudden, I mean, that car is a, ultimately a weapon. Oh, a hundred percent, but here’s where it ends up going. So it calls an Uber for you and you have to wait for the Uber to show up.

That same technology was proposed by Tesla for automatic maintenance refreshes. So it senses that your tires are getting lower, that you need brakes and it calls home to the dealership. Like right on the cost of a pair and a height for 51. I kid you not. Like that’s what we are. Oh my gosh. We are, we are the pessimist among me says, yes, we are.

The optimist among me says this is amazing advances for humanity. So don’t get me wrong. I love cars. I’ve been around cars since I was a kid and their evolution is amazing. They are just pieces of art. They’re pieces of complex engineering. There’s a lot that goes into a car and a [00:31:00] lot of people that make a car successful, whether it’s the most fabulous hyper car, or the most.

Economical small car on the road. There’s a lot of thought engineering and time and effort that goes into that. So I don’t want to shun people. It’s like, Oh, we should go back to horses and buggies. That’s what you’re really saying. Cause that’s the safest thing. No, it’s not true. The point is like anything else, whether it’s a laptop or a tablet or a smartphone or any other digital device is to just.

Do your due diligence, be aware, be vigilant of what you’re connecting to, how you’re connecting to and how you’re interacting with these platforms. And in the old days, cars were not at the forefront of the attack surface. And now as we become more and more digital, we are introducing them into a very complex and open world.

To that point, you guys, with all the data that these cars are collecting. What kind of security is in place in the cars? Like, is it kind of an afterthought? We can do all this advanced stuff with the cars. Why can’t we bake some security into to protect people like me? And Tracy, correct me if I’m wrong, cars are not considered right now, an end point device.

[00:32:00] It’s not like you’re going to throw a normal antivirus on there or something like that. Some sort of tenable or even something like Dynatrace. You’re not doing application performance monitoring on a vehicle. Yet. So what we have to do is focus back on the data centers, making sure that they’re secure, making sure that the lines of communication are encrypted from end to end, making sure that good development practices are put in place when a software patch is put out.

We don’t wanna render a car useless, obviously, they goes through strenuous q and a on cars compared to a lot of other software. We voice stuff on people as beta. Tying up the loose ends at the control center, making sure that Toyota and General Motors and Tesla, they’re doing their due diligence to keep not only their customers, but the passengers, the fallout of the customer, whether it’s family, friends, the Uber driver, whatever it is.

Making sure that they’re safe, they’re doing everything they can to ensure that that end point device is secure. They have been hyper focused on keeping us safe from a physical perspective. Now we’re talking about extending that into the cyber realm. And [00:33:00] that is a change, right? They have been creating good software and they have strong software practices that were not necessarily focused on the cybersecurity of the software.

It was the efficiency and effectiveness and reliability of the software. Those are important things, but we have to add in that additional domain now. And so to your point, doesn’t matter who it is, they need to be thinking about this. It opens up a world though, of older cars, just like people have older routers and there are patches that people are not thinking about it.

They’ve stopped being updated. And 2018 was last time that particular wireless router was supported. Those things are still hackable. So we’re going to have some interesting in between times where we’ve got decades of technology. We’re going to have years of different kinds of automobiles that are going to have different types of susceptibility.

The most important thing for us as the end user, right? As the car owner or the rider in a car, the passenger in a car is thinking about. What you’re giving the car permission to do. What are [00:34:00] ways that that car is getting data about you without your permission? So if you’re thinking about those two things, what am I giving it permission for?

Am I syncing my phone over the air? Am I providing codes? Am I doing anything else? Or is it collecting information about me? Multiple different cars to Eric’s point, collect information about you in a host of different ways and the newer the car, the more you see that the car is a little data center.

That oftentimes is connected to a big data center. And what does that communication look like? And how is that data being leveraged? It’s as almost almost as though we need a. Mm. A car data Bill of Rights. I like that. That’s really good. So again, we could go down so many different rabbit holes on this.

There’s more to explore on this particular topic, but I think basically at the end of this is just be careful what you do and what you sync with. Let’s leave our listeners with some just basic tips. So number one tip is if you’re going to hook up to a rental car, use a cable. Which I always carry a cable with me anyway, because I’m [00:35:00] too technically inept most of the time to make the connection.

So I always know that the cable is going to work. I’m glad to know I’ve been doing like safe hygiene there. What else? Whether you’re synced or not, don’t hit the home capability within your phone. I do that almost every day. So don’t tell it to take you home. Put in your address, especially if it’s your own car.

That’s one thing. But if it’s especially if it’s a rental, don’t do it there. Google prompted me to do that. Like, they want you to like, what are your favorites? And what do you want to name them? You know, so it’s convenient. It is it is, as we said before, take just a moment. It doesn’t have to be a science fair project.

Take a moment to understand your car. What are the capabilities of your car? Do you have an old school CD player, right? Six stack CD player, or do you have a digital display? That’s going to give you a little bit of an indicator of where you are on the automation scale, where you are in the computerization scale.

I’m sure that Eric has resources that he can share with us to kind of help us [00:36:00] figure out. I’ve got a, a 1998. I’ve got a 1988, I’ve got a 2008. I’ve got a 2018. Where are you on that growth spectrum of connectivity. At the end of the day, don’t approve the sending of your data without thinking about it first.

Just don’t allow it to be taken from you without you approving it. Eric, what do you think? The best place to start is by reading your vehicle’s owner’s manual because there are steps in there on how to sync, how to unsync, how to purge, how to clear data, and it’s gonna be different for every vehicle.

Families of vehicles will share similar setups and configurations because like Tracy talked about, they’re getting components from certain manufacturers. All these radios and Toyotas are made by Pioneer. Well, Pioneer is going to have a certain way to purge the data. Read that owner’s manual because we’re not going to be able to answer, well, I have a 19, whatever Porsche, how do I do it?

Read the owner’s manual. That’s going to be your gospel in terms of how to take those steps. You might learn something else along the way, but start with And if you Are getting a rental car and you find that I need to connect or pull data, [00:37:00] pull the owner’s manual out of the glove box. It’s still there and learn the quick steps.

It should only take about 20 seconds to go in and purge your phone. Don’t worry about everybody else’s at least purge yours. I just got a rental car and there was no owner’s manual. You can look them up online. You can look them up online. That’s true. You can, if you’re in a place where there’s connectivity, it just so happens that I was kind of, I was in a dead zone.

I was in the middle of a national park and there was no, like, I couldn’t search engine anything. I couldn’t ask some generative AI for help. If you’re in a jam like that, when you return it to Hertz or Enterprise or Alamo or wherever you borrowed it from, talk to one of the clerks there before you hand over the keys.

Hopefully you have some extra time. If you’re pressed to go to the airport or something like that, it might be a little challenging, but say, Hey, can you help me remove this data from the car, can you help me purge it or make sure that they take care of it? Again, we’ve all picked up rental cars before going, wow, there’s a lot of data on this system.

We’ve got to continue this conversation another day, because we’re just going to keep going at it. I hope that [00:38:00] we have served our Halloween purpose in scaring the bejesus out of people. Eric, I got to ask you this question. Wouldn’t it be fun to have this conversation and have two additional guests if they were still around Tom and Ray Mariazzi, Dip and Tap, the Tackle Brothers.

Can you imagine having this with the Car Talk guys? I loved that show. You guys loved it. They were so funny. And honest and authentic and entertaining. That’s right. Yeah. And hopefully we have hit maybe five to 10 percent of their amazingness with today’s podcast. If you want some more of that amazingness, you can always hop over to break fix podcast, where our goal is to capture the living history of Folks throughout the autosphere, whether it’s engineers, designers, pro drivers, and everything in between, you can learn about deep dives in technology, like we’re talking about today, or you can get some inspiring stories about how you could find a job in the automotive industry as well.

So our catalog is huge, it’s deep, and you will find something interesting, whether you’re interested in cars or not. Thank you, Eric, for taking time to share [00:39:00] your insights with us to give us a truly scary. Halloween episode, you and Tracy both did a great job of just making me tired and scared and just like, Ugh, I just want everything done for me.

I need people is what I need, but thank you listeners for joining tech transforms, break, fix crossover today, happy Halloween, and we will talk to you next week on tech transforms. Bye. Thanks guys. And we’re out.

We hope you enjoyed another awesome episode of Brake Fix Podcast brought to you by Gran Touring Motorsports. If you’d like to be a guest on the show or get involved, be sure to follow us on all social media platforms at Gran Touring Motorsports. And if you’d like to learn more about the content of this episode, be sure to check out the follow on article at gtmotorsports.

org. We remain a commercial free and no annual fees organization through our sponsors, but [00:40:00] also through the generous support of our fans, families, and friends through Patreon. For as little as 2. 50 a month, you can get access to more behind the scenes action, additional Pit Stop minisodes, and other VIP goodies, as well as keeping our team of creators Fed on their strict diet of fig Newtons, gummy bears, and monster.

So consider signing up for Patreon today at www. patreon. com forward slash GT motorsports, and remember without you, none of this would be possible.

Bonus content available as a #PITSTOP mini-sode.

Consider becoming a GTM Patreon Supporter and get behind the scenes content and schwag!