196
Privacy on Cars. How to stop data collection and transmission?
(discuss.tchncs.de)
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
If you drive a Toyota and the infotainment system has a "DCM" icon in the corner, your driving habits and location are being recorded to their servers.
E: this is happening via their own cellular modem built into the vehicle, with its own separate SIM or eSIM. Getting at the module seems to require access behind the dash, almost purposely making it difficult. Pulling the fuse will kill the front passenger-side speaker, though there are YouTube vids on how to reactivate the speaker while keeping the DCM module dead.
How are they connecting to the server, though the connected phone's data via Bluetooth, carplay or satellites?
The people saying it uses your phone's Internet connection are incorrect. The vehicles have built in cellular modems and connect directly. The OEMs negotiate cellular contracts to provide service in their vehicles with ATT, Verizon, etc.
Features like remote locking/unlocking, etc. would not work if it relied on being connected to a phone.
There was a Defcon talk a few years ago (oh god it was 8 years ago) where someone found a way mess with Chryslers because they were all on the Sprint wireless network. Things like lock out the physical controls on the radio then max out the volume, or turn it into a GPS tracker, or disable the brakes! The cars had some service listening on port 6667, there was no way to stop them from accepting malicious connections so Sprint just blocked all traffic on that port on their network at the request of Chrysler. The speaker mentioned they were sorry if you were unable to use IRC any more on Sprint wireless.
DEF CON 23 - Charlie Miller & Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle