Back on August 31 I received an email from the Department of Homeland Security about a set of FTC recommendations for people using rental cars. I have experienced this issue myself. Basically, it is simple and relatively convenient to connect a smartphone to the smart vehicle’s infotainment system in order to enjoy hands free phone calls, stored musical tracks, and the phone’s navigation application. The problem is that the car will ask for permissions to download information such as your phone contacts and other personal information.
Here are the FTC recommendations:
- Charging – Use a cigarette lighter adapter instead of a USB cord if you are only charging the phone. This keeps the phone from connecting to the infotainment system.
- Permissions – If you are planning to connect your phone, watch the permissions that the system asks for. If you are planning to use the navigation app, the phone will need your location information, by the car really should not. Do not download your contacts to the car, or any other personal information.
- Delete Settings – Before returning the car make sure to delete the phone paring. Check the owner’s manual for detailed instruction on how to delete your information if necessary, or ask the rental company for instructions.
Leaving this information behind means that it will be available to future car renters, rental company employees, and even cyber-criminals or identity thieves. All data has resale value on the Dark Web, including infotainment system data dumps. Do not leave yourself or your contacts at risk by neglecting this important step
ShareOCT
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com