Thursday, June 13, 2024

When auto apps threaten your privacy

Must read

Alan Binder
Alan Binder
"Alcohol scholar. Twitter lover. Zombieaholic. Hipster-friendly coffee fanatic."

I had the app that came with an app on my phone [avec laquelle] I can open the doors and leave the car […] This is a must have app for all cars. »

Quote from Jill philo

Jill Filo and his new car.

Photo: Gil Filo

Application in question: MYCADDILAC, an application developed by OnStar, a subsidiary of General Motors.

This application not only allows you to start the car remotely, but also allows you to know the condition of the car and the required maintenance: oil change, tire pressure, fuel level, mileage, etc. It also allows you to geolocate your vehicle at all times, regardless of distance. All this thanks to cellular connectivity.

Always On App

Last summer, Gilles Veilleux decided to sell his Cadillac and forgot about the app. After a few weeks, he realized that the app was still on his phone. Out of curiosity, we clicked on the icon. The application is still active.

I wasn’t waiting for this. I thought it was back to the franchisor, the order was about to land. At some point I clicked that, and found the car, oops. The car was leaving […] On the highway, direction: United States. »

Quote from Jill philo
Jill Philo holds a cell phone in his hands.

Gilles Veilleux demonstrates how he can remotely control some of the controls in his Cadillac Escalade.

Photo: Radio Canada

He can track his old SUV, in real time, traveling hundreds of miles before it ends up at a used car dealership in St. Louis, Missouri. Then I searched the inventory and finally found my truck in the showroom.

After a few weeks, the car is moving again. Jill Philo concludes that a new owner is driving a Cadillac. He continues to receive notifications on his phone.

This app should not fall into the hands of some kind of criminal because it can go too far. »

Quote from Jill philo

security breach

Céline Castets-Renard, of the Research Chair in Artificial Intelligence at the University of Ottawa, sees this story as a major security breach.

There are many studies that show that with two or three geolocation data, being identified, we can learn a lot about our lives, our intimacy, and our habits. […] It can go very far. »

Quote from Celine Castets-Renard, Research Chair in Responsible Artificial Intelligence, University of Ottawa

It is the right to privacy itself, a fundamental right, to which these new technologies can be seriously compromised. According to Professor Castets-Renard, the risk of being pursued or exposing our place of worship or the school our children attend is information that could put us or our loved ones at risk.

A car that starts at a distance of more than 2000 km

We go to St. Louis, Missouri, to meet the new owner, who knows nothing of this story and does not know that his privacy is being compromised by an app that is still active.

In collaboration with Gilles Veilleux in Beauce, we locate the vehicle in real time. In front of a 70-unit building, it is impossible to knock on all the doors. But luck is smiling at us. We came across new owners of Cadillac cars. The Fraction-Williams family, on their way to breakfast.

The Williams Fractures Family.

The Fraction-Williams family learns with astonishment that their vehicle can be inspected from Canada.

Photo: Radio Canada

They were astonished when we told them that the previous owner could still exercise some control over the white Cadillac. It’s terrifyingMarkeyta Williams launches.

The new owners allow us to make a demonstration. Live from Beauce, Gilles Veilleux pushes the button. Immediately, the headlights are lit and the Cadillac starts. With the simple flick of your fingertip on a cell phone more than 2,000 kilometers from St. Louis.

The new owners are in shock.

Gorgeous! It’s incredible! It’s incredible! I am so surprised! I don’t know who’s responsible, but that’s not good. »

Quote from Ronald part junior.

That rendering is sobering, given that about 50% of models leaving factories around the world are connected cars, according to consultancy McKinsey. Almost all new cars, 95%, will be by 2030.

See also  The Minion: Costumes banned in British cinemas

questionable practice

The dealer who sold the car to the Fraction-Williams family did not return our calls or emails. It’s impossible to know why the app wasn’t deactivated before the new owners took over the Cadillac.

Already, we can expect that by selling the car, the application simply will not work. »

Quote from Celine Castets-Renard, Research Chair in Responsible Artificial Intelligence, University of Ottawa

GM, the ultimate outlet for OnStar, declined our interview request and instead emailed us a short statement.

GM takes the privacy of customer data very seriously and has procedures in place […] Ensure that the customer will notify GM when a sale or transfer occurs. »

Quote from Natalie Nankel, General Motors Canada

These actions are dictated by the OnStar App Terms of Service. In particular, it stipulates that the owner is obligated to To notify General Motors if the vehicle is sold or transferred and […] And uninstall the program […] related to this vehicle.

And General Motors is no exception. Other car manufacturers impose similar terms of use and also require their customers to notify them as soon as there is a change of ownership.

We consider we reported it because we put a small streak in a huge contract. It’s a bit easy for companies and sellers to let go of their responsibilities on top of the consumer. »

Quote from Celine Castets-Renard, Research Chair in Responsible Artificial Intelligence, University of Ottawa

Gilles Veilleux was unaware that he was required to contact GM to cancel his subscription or that he was asked to uninstall his app.

Long terms […] Often we [les] Accept to be able to continue. But from there to read it, and then finally say, it was my responsibility […] I didn’t know thatsays Gilles Philo.

See also  Anti-abortion activists demonstrate in Ottawa

According to Dennis Gingras, director of the Vehicle Intelligence Laboratory at the University of Sherbrooke, there are technical solutions that would make it possible to close this breach, by verifying the identity of the owner, for example.

If we put programmers and analysts, if we put specialists and engineers on the problem, we will solve it […]. The problem, in my opinion, is at the level of complexity with different organizations and stakeholders […]. It is a political-legislative problem. »

Quote from Dennis Gingras, Director of the Vehicle Intelligence Laboratory at the University of Sherbrooke
Dennis Gingrass's photo.

Dennis Gingras, Director of the Vehicle Intelligence Laboratory at the University of Sherbrooke

Photo: Radio Canada

Since smart cars have different characteristics and are connected to varying degrees, Dennis Gingras believes that it will be necessary for every car to have some type of CV, particularly useful at the time of sale.

SAAQ must have and select a vehicle profile [si] All conditions are met so that the confidentiality of information, the ability to control the vehicle remotely, all these aspects correctly, to avoid this kind of defect. »

Quote from Dennis Gingras, Director of the Vehicle Intelligence Laboratory at the University of Sherbrooke
Cadillac cars.

The “Canadian” Cadillac that ended up in the United States.

Photo: Radio Canada

A story that ends well

The Fraction-Williams family is still in shock two weeks after our quick visit to Saint Louis, but consider themselves lucky to have been alerted.

We are very happy to inform us of this. We wouldn’t know otherwise. »

Quote from Marketa Williams

After the demo, Ronald Fraction got in his car and called OnStar to deactivate the previous owner’s account and open a new one in his name.

Annie Huddon-Frico and Frans Larroque report invoice Tuesday at 7:30 pm and Saturday at 12:30 pm at ICI Télé.

Latest article