Shock Land Rover Discovery: Sellers could meddle with connected cars if not unbound Both data and the online controls on "connected cars" from Jaguar Land Rover remain available to previous owners, according to security experts and owners of the upmarket vehicles. The car maker has defended its privacy safeguards and security of its InControl tech. El Reg began investigating the issue after talking to Matt …
> It is important to note that when the initial customer accepts the terms and conditions of Remote Premium services that they are agreeing to unbind the vehicle from themselves when they sell it on.
So the previous owner has agreed to a set of terms and conditions with ... whom? I don't think it's the dealership and it's certainly not any future owner of the car. Presumably with JLR (but possibly a 3rd party app owner??). In which case how do they propose to enforce the agreement (T&C) they have with the previous owner? It sure as heck isn't the new owner's responsibility to enforce that agreement!
Re: So the previous owner has agreed to a set of terms and conditions with ... whom? I don't think it's the dealership and it's certainly not any future owner of the car.So the previous owner has agreed to a set of terms and conditions with ... whom? I don't think it's the dealership and it's certainly not any future owner of the car.
Well if you buy a new car or a second hand car, through a dealer, effectively agree to two contracts: firstly with the manufacturer (eg. warranties) and secondly with the dealer for servicing etc.
Remember one of the reasons dealers 'partner' with manufacturers is because it gives them a better business potential, so they aren't looking at the single new car sale but at the n-years of servicing etc. that will follow.
One of the things I discovered about the Vauxhall scheme was that a car was registered to both its owner and to a dealership, specifically the dealership who sold the car to the customer. Thus if the original customer traded their car in at the dealership that originally supplied it, the online account termination process works. However, if the customer sells the car elsewhere, both their account and the dealers' control of it continues. Walk into another dealership and you find that they can't do anything (wrt account management), because the account is still owned. In saying the above nothing stops you from using the car and having it serviced wherever, just that if you want to take advantage of the online account and the benefits it gives, you have to unravel the online account ownership and transfer issue.
Sheesh! There's always one.
Perhaps you are getting yourself confused by the OP saying "one zero out" and thinking that a zero needs to be removed but removing a zero leaves a space. Like that is really going to work in that the pin now has a space in it.
00000
00_00
See?
Fine... Have it your way but you have just proved my point. Neither I or anyone else would be able to easily tell which zero you removed.
Anyway my methodology is also much more secure than yours since you can only remove one of five zeroes whereas I have six places where I can add a zero.
> JLR needs a bullet-proof method for this to be automatically disconnected when the vehicle changes hands. I don't know how you do this but the current process is clearly not sufficient."
There is a bullet-proof method. It's called 'reminding' JLR that they can be fined up to 4% of global revenue because they are a data processor, processing personal information about you (your home address for starters) and allowing that information to be passed to an unknown 3rd party without your consent and without a clear business need.
If they don't act immediately you can also 'remind' them that you can start a private prosecution - no need to wait for the ICO to review and take up your case.
"no need to wait for the ICO to review and take up your case."
So when will we start seeing an army of no win no fee ambulance chasing law firm advertisements?
Until they start showing up, there's no evidence this ICO/GDPR process is working (for those affected), surely?
Actually all they need is a functionality similar to Tesla. Go to Backup and Reset and select Factory Data Reset. Car is completely reset and new user can register.
Oh, they still retain all the previous user's data on their CRM? Naught JLR - have a 4% of turnover fine.
"JLR needs a bullet-proof method for this to be automatically disconnected when the vehicle changes hands. I don't know how you do this..."
This is an unreasonable demand to make of JLR because any such automatic bullet-proof method would be dependent upon a similarly bullet-proof system/process whereby JLR is informed of the sale of any of their vehicles, including private sales.
I don't know how you do this...
No, and neither does anyone else, because it would require a legal obligation on the part of the seller of a vehicle to notify the manufacturer of that vehicle when it is sold, for without such an obligation upon the seller there would be no means for the manufacturer to receive notice of the sale and transfer of ownership.
And that's the problem with simplistic remedies like: "There is a bullet-proof method. It's called 'reminding' JLR that they can be fined up to 4% of global revenue..."
Whilst there's clearly a problem here it's not simply down to the manufacturer, despite all the outrage and simplistic but flawed solutions.
as macjules said above:
"Actually all they need is a functionality similar to Tesla. Go to Backup and Reset and select Factory Data Reset. Car is completely reset and new user can register."
That seems to be a simple and reasonable solution.
The problem of someone, a valet or whomever, resetting this functionality while in the car is more difficult. It's a little like having guests or new acquaintances in your house. You hope and expect they're not going to be malicious.
My personal preference would be to have none of tracking/"functionality" in the car in the first place.
It's very much like activation lock on phones. If a previous owner doesn't "log out of itunes" or whatever the equivalent it, then it remains locked to the account of that previous owner.
In days gone by it would be no effort at all to sell a car but retain a key copy, so you can go and help yourself to that car at any time it's unattended. Anyone going to do anything about that?
It's completely their responsiblity though. This isn't a bolt out of the blue revelation, it's something they were fully aware of throughout the development of this system. They were fully aware that people sell cars. If they didn't put in place a robust mechanism to deal with this fact then they are at fault.
Having taken over a Vauxhall, I can see big issues concerning the transfer of the online information associated with secondhand vehicles. Whilst DVLC were quite happy to accept a signed V5C as proof of change of ownership.
Getting Vauxhall to accept that I was the new owner of the vehicle, now sitting on to the forecourt of one of their dealers, and said dealer had seen my V5C and proof of Id/address etc. and so grant me access to the online service history and other useful information and benefits associated with said vehicle - which Vauxhall say on their website can be achieved by simply completing a web form...
Expecting the current owner when selling their vehicle to do anything more than complete the V5C is a recipe for trouble.
It won't be long before there's a SORN-like online process for transfer of ownership. The V5C should be an online document in this day and age, and there's no reason you can't have it tie into a Government Gateway account or similar like driving licences/passports do.
Proof of ownership is then no different to the hire-car-codes for licensing. You generate a code, give that to the organisation asking for proof of ownership, they don't get all your details but have a proof that it MUST be you it's registered to.
There's already electronic querying of finance status, write-off, insurance status, MOT status, driving licences, etc. Online car registration is just the next logical step. In fact, you can already do it: https://www.gov.uk/sold-bought-vehicle but it's the bit about proving it that needs to be added.
Their incentive? With electronic registration, no more "no logbook" / "logbooks in the post" kind of sales , hoping that the seller sent it off in time, etc. - you just do it there and then with your smartphones, from the literal second of ownership. Which means they get the right person when you go through a camera with a brand new car.
This post has been deleted by its author
>It won't be long before there's a SORN-like online process for transfer of ownership.
There already is, I used it to take ownership of this vehicle earlier this year. Although they still want to see the paper copy returned with a signature in real ink on it and will send out a new paper V5C as confirmation.
This post has been deleted by its author
In 2016, a security researcher demonstrated turning heating on and off (As well are reading battery levels) across the internet on the Nissan Leaf, mostly by knowing the VIN.
online service history and other useful information and benefits associated with said vehicle
Hate to spoil the party, but that service history may inadvertently contain information which personally identifies the previous owner and should require their consent. Example - car fails to start, major fault towed from the driveway to the dealer (happened twice to my neighbour's son). I would be surprised if the traces of that in the service history have been fully scrubbed from all personally identifiable details as required by GDPR
Like it or not, the V5C transfer procedure is becoming woefully inadequate in the day and age of connected vehicles.
In fact, we are rapidly approaching a moment when the V5C is the last part in the sales. Un/Re-registering everything related to the data leaching and connectivity to the new owner will be going before that.
>Example - car fails to start, major fault towed from the driveway to the dealer (happened twice to my neighbour's son). I would be surprised if the traces of that in the service history have been fully scrubbed
From the information you provided, even knowing the dealership who repaired the vehicle was Monty's of Hereford, you would be had pushed to identify a person; naturally, if I'm buying the car off you, I would easily be able to determine your contributions to the service history, that is unavoidable.
However, given you would have consented to data collection and the sharing of data with selected third-parties at the time of sign-up/vehicle purchase...
A friend was driving his BMW X-something recently, on the motorway. He got a phone call on his hands-free infotainment system; “good morning Dr. D., we’ve noticed that it’s about time to change your brake-pads. We do have a slot tomorrow at 2pm if you’d like” this call came from the local city‘s big beemer dealership. They seemingly received live telemetry the second that an amber light came on, my colleague only noticed his dashboard display warning/advising about brakes after the phone-call. He was certain that there were no alarms at the start of his journey. Westinghouse brake & signal company SCADA with remote terminal management comes to cars! Dr. D. immediately booked a brake pad replacement at anywhere other than the city’s main-dealer.
They are probably using the E-911/E-112 channel etc
One thing about a 1973 Series III diesel landy is that it not only Carrington event immune, but also lacks any SCADA telemetry, for good or ill?
Car manufacturers must put a "disconnect car from current account" function within the vehicle itself so that the new owner can do the disconnect before driving a single metre after buying the car.
If there is a concern about theft then the back end for the function can be made more complex: still collect the data but prevent the previous owner from accessing the data or controlling anything. The police can still have access to the data (for example with a warrant) but the previous owner does not unless they go through a process to reclaim the car (disputing that ownership has been transferred). Meanwhile, the person with control of the car immediately has full access and control (although only to data from the moment of claiming the account).
It is not reasonable to require any co-operation from the previous owner, nor to allow any access from one of the users to data about the other's usage, nor any complex process of proving ownership to a third party such as JLR or a dealer (control of the car should be sufficient). The tiny number of cases of theft or disputed ownership would be the cases which have the complex process, probably involving a court.
Which would be nice, but InControl has the ability to work as a stolen vehicle tracker. Enabling the current person in the car to disable this kind of defeats the purpose.
How JLR is supposed to know the vehicle has changed hands outside of its dealer network is beyond me, in the event he was able to get this resolved after contacting a JLR dealer.
> Enabling the current person in the car to disable this kind of defeats the purpose.
Push and hold button for ten seconds, car connects to server. If not registered, follow existing procedure. If registered, fire emails/phonecalls to current registered owner to get confirmation of account deletion. No response, do nothing. Repeat attempts generates intervention from a meat sack to work out what's going on (e.g. if previous owner has died, and other edge cases)
When you buy a 2nd hand car, just keep pressing the button every day until it registers. If I just had to 'click here to login and confirm', it would be easier than remembering where I put the booklet with the URL in (probably the glove box anyway).
Sure, there's still the case where a thief nicks your phone and keys, but I'm sure the existing tracking can cope with that.
> Enabling the current person in the car to disable this kind of defeats the purpose.
As per the OP you are replying to (emphasis mine):
If there is a concern about theft then the back end for the function can be made more complex: still collect the data but prevent the previous owner from accessing the data or controlling anything. The police can still have access to the data (for example with a warrant) but the previous owner does not unless they go through a process to reclaim the car (disputing that ownership has been transferred).
A lovely sentiment but if this is the 3rd/4th owner then how do you backtrack to find the one that the car is bound to? As mentioned, you cannot rely on the V5 to hold all the previous keeper details so how is Joe Public supposed to go about this?
The proper, and in fact only, solution is for there to be the disconnect button #Graham Cobb suggests.
>The proper, and in fact only, solution is for there to be the disconnect button #Graham Cobb suggests.
Not needed, the data is already available from DVLA, however DVLA charge for this records checking service...
I suspect the real problem is with the manufacturers own systems not being able to easily handle this natural transfer ofownership.
I suspect the real problem is with the manufacturers own systems not being able to easily handle this natural transfer of ownership.
Some of this could be simply rectified by the manufacturer just needing to change the "owner" on the data file and lock out previous data when that changes. With the dealer "lockin" that gives the dealer the ability to pressure sell new vehicles and at this point, who's paying the dealer to this "data transfer" work? From the tone of the article, not only is this process rather undefined by the manufacturer but there's no incentive (legal or otherwise) for them to do something that costs bit of money.
'... and at this point, who's paying the dealer to [do] this "data transfer" work? From the tone of the article, not only is this process rather undefined by the manufacturer but there's no incentive (legal or otherwise) for them to do something that costs bit of money.'
Adhering to the law is a cost of doing business and remaining legal is the reward. Otherwise you are some sort of Del Boy outfit, or worse.
The idea that someone should be 'paid' to adhere to the law isn't one that the societies we live in are built upon.
Personally, I approve of GDPR applying some constraints and penalties to control the sort of 'big business' that has surreptitiously slimed its way into spying on citizens for their own ends.
YMMV, obviously. Hitler, Lenin and others would doubtless have approved of corporate surveillance, the results of which governments get for free. Doubtless their ilk will do so again. Even in 'Western democracies'.
"most transit van hires still have bluetooth. I hired one from enterprise just 3 weeks ago, it had a load of bluetooth history in its connection page."
If it's just a list of phone numbers, well, that's pretty much public information anyway. Unless it has names and/or dates and the calling number as well as the called number, it shouldn't be a problem.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
