Your car knows secrets about you. Here’s how to protect yourself

An infotainment screen inside an Audi e-Tron. (Marlene Awaad/Bloomberg/Getty Images)

Cars increasingly resemble a smartphone on wheels, storing personal information such as our location, how we drive, who we talk to and how to reach them. Some even hold a way to join our home WiFi network. If you've ever sold an old smartphone or laptop, you probably thought to wipe the hard drive first, to protect your privacy. When we sell a car, or return a rental car, a similar thought may not cross our minds, but cybersecurity experts say it should.

This month a security researcher described buying old Tesla infotainment systems online and finding personal information such as the home addresses and WiFi passwords of the previous owners. The news was first reported by InsideEVs. Searches of eBay reveal that infotainment systems from brands such as BMW, Ford, Cadillac and Mercedes-Benz are currently available for sale.

"This isn't just a Tesla thing, it's every single infotainment system," said Justin Schorr, president of DJS Associates, a vehicle forensics firm that reconstructs crashes using on-board data. "Think of all the vehicles with screens, this is ubiquitous almost."

Prior research has also shown how personal information is stored on cars and can be accessed by hackers. Tesla did not respond to a request for comment.

Infotainment systems have become common on vehicles in the last decade. They collect data, which can include our smartphone's contacts, emails, call history logs, photos and text messages. There aren't well-known examples of concerning uses of this data when taken from cars, but personal data has been misused when gathered from other sources. Our vehicles may be the next vulnerability that's exploited.

"Everything that can be used for a nefarious purpose, will eventually be found by a nefarious person and used for a nefarious purpose," Schorr said. "If you pair your phone with a rental car, and that car gets in a crash two years later, personal information about you could be pulled off it."

Generally, specialized skills and training are required to access a car's infotainment system and all of the data stored on it. A car's dashboard may need to be removed to access the system.

But that hasn't stopped infotainment systems from being available on websites such as eBay. They're often sold by companies that buy old vehicles and sell their parts.