Bluetooth Privacy Highlights Need for OTA Cybersecurity

Movimento Press Blog

Leaving something in a rental car used to be an irritant, not a potentially life-altering disaster. Even forgetting your own car keys in the driver’s seat was annoying but not much of a problem—it was not as if the next person to use the car would find them and attempt to unlock every vehicle in the city until locating yours.

However, there is a growing concern that rental cars now bring with them a larger danger through their Bluetooth connectivity, which stores the information of any user who connects to it and could potentially be the gateway to identity theft.

To address this threat, OEMs and fleet managers must heighten cybersecurity without losing the connectivity benefits that customers expect. Being able to provide security and convenience in rental cars is a value-added service, as we move toward a post-ownership fleet model.

The Potential Dangers of Bluetooth in Rental Cars

The average rental car is in the field for about 21 months. This means that a fleet is essentially turned over every two years. And increasingly, every new car, rental or otherwise, will be a connected car with Bluetooth features. This makes sense, of course: consumers want to use the onboard infotainment system to make hands-free calls, to get directions, and to listen to music. Even if someone is just charging their phone, they’re likely to do so through a connected USB.

The problem arises when you connect your phone to your car’s Bluetooth and the system potentially stores your contacts. It can even store contact logs and anything else you have looked up. This is convenient, but it means that the information is still in the car even after you have unplugged your device and returned the car. And since people frequently return their rentals midway through a rush to the airport, they rarely remember to go into the menu to delete their information. In that case, the next person to use the vehicle can access the previous driver’s contact details, travel locations, and much more.

It is worrisome, but this is not to say that a man who rents a car for a weekend is going to see the information and turn to a life of crime. Still, the information is there and could eventually be targeted by cybercriminals who might rent cars just to see what information they can find.

Even more ominously, there is the potential to upload viruses into the Bluetooth system, which could then be downloaded by any connected phone, breaching security and allowing cybercriminals to access much detailed personal information.

Implications for the Fleet Model

Needless to say, the problem needs to be addressed by OEMs, especially as the ‘rental’ model becomes more prevalent. Once self-driving and semi-autonomous cars arrive, more people will use them on a short-term basis, calling them up when they have to go somewhere before turning them over to the next passenger.

And when you get right down to it, the fleet model, regardless of whether the cars are owned by OEMs or independent operators, is based on a series of micro-rentals. In terms of ownership, it is no different than a Hertz counter.

And while passengers are in these rented cars, there is little doubt that they will still want to be connected. If the perceived risk is great enough, however, the whole idea of privacy and security in a connected, short-term ride could be compromised, leaving fewer consumers willing to embrace this model.

OTA-Enhanced Cybersecurity Can Protect Against Compromised Connectivity

Luckily, there are ways to prevent this scenario. Connected cars can rely on a cloud-based cybersecurity system in which threats are instantly detected and neutralized. If someone is trying to upload a virus, they can be stopped via a security override, and every car in the fleet can then be warned of the threat and be protected against similar assaults.

As cybersecurity continues to be refined, we will also need a way for Bluetooth systems to easily and quickly wipe information from previous users. Once this technology has been developed, patches can be sent out over-the-air so that every car in a fleet has the same level of security, regardless of make or model and without the need for a recall.

Infotainment systems are among the most used and most vulnerable parts of the connected car, but as they get stronger, consumer confidence will increase and the fleet model will become even more attractive. Over-the-air software updates that improve the security of these connected infotainment systems can keep models on the road for years without being compromised.

A driver might use a rental car for 20 minutes to get across town, or for a week on a family vacation, but when they are done, all their private information should be gone as well. It is the kind of security that OEMs must own.

At Movimento, we take security seriously – not only do our products implement the latest protection mechanisms, we work with partners to provide our customers with the very best in technology to ensure a seamless and secure experience. To learn more about the solutions, connect with us today.

Subscribe to our newsletter