Many used cars could hold trove of sensitive data says watchdog
Up to four in five drivers risk inadvertently giving away personal information such as contact numbers, home addresses and even wifi details because they are taking insufficient action to delete sensitive personal details from their cars before selling them, according to new Which? research.
In a survey of more than 14,000 car owners who had sold their car in the last two years, the consumer champion found that many had synchronised their phone to their vehicles and some had downloaded the car’s accompanying app. But not everyone went on to take all the necessary steps to erase their personal information from the car’s operating systems when they sold the car.
Which? found that more than half (54%) had synced a phone to the car using Bluetooth or USB. Pairing a smartphone with a car will mean that drivers could play their own music, download their contacts and messages, get live traffic and navigation information and make hands free calls or send messages.
While this may be convenient, unless the phone is later disconnected, the account deleted and downloaded information erased, this data could be viewed by the next owner and potentially every owner thereafter.
However, the survey revealed that one in two (51%) drivers had not tried to unsync their phone before parting with the car and worryingly a third (31%) of respondents said they took no action at all to remove their personal information from the car.
Four out of five (79%) vehicle owners did not follow instructions in the car manual to remove data and return the car to its factory settings before they sold it, despite this being the best way to make sure no personal details are left on the operating system.
Without being actively wiped from the system, the car could retain all of the downloaded information from the phone and give someone else access to the previous owner’s personal messages and GPS information as well as saved contact numbers and addresses.
Some modern cars also have apps that may let the app owner track the car’s location, unlock the doors and even stop and start the car’s engine – so it is important that previous owners revoke their app’s access to the car they sold.
Which? found that while only one in eight (13%) of the drivers who had recently sold their car had downloaded this type of app, an alarming proportion who did so (68%) had not followed instructions to remove all this information from their car.
While deleting the app from the phone typically won’t actually revoke the access, half (50%) of those who had downloaded the app have not deleted it since selling the car.
Cars that are sold today collect vast quantities of data, and this can result in extra functionality that is very useful for drivers.
However, Which? is concerned that the high number of drivers who are failing to take action to erase their data when the car is sold suggests they are not being given enough information about what is being collected when they sync their phones or download an app, and the importance of eradicating the data.
Which? experts advise that consumers who have synced their phone or downloaded the app should follow instructions to delete all data from the car. Those who download a companion app, must revoke access from within the car itself – just deleting the app on a phone does not break the link.
Which? believes that when it comes to connected technology, user data and information should be a serious consideration in developing new systems and capabilities.
Manufacturers should also do all they can to ensure it is easy for motorists to erase their personal data from operating systems when selling their car and that they are made fully aware of the risks if this does not happen.
Harry Rose, Editor of Which? Magazine, said: “If cars are not treated the same as a smartphone, tablet or other connected devices when it comes to data security, motorists risk giving away a treasure trove of information about themselves when they decide to sell their car.
“Manufacturers must do much more to prioritise customers’ personal privacy so that drivers fully understand how much data their vehicle could be harbouring and how to delete this information in order to eradicate these risks.”