back to article Shock Land Rover Discovery: Sellers could meddle with connected cars if not unbound

Both data and the online controls on "connected cars" from Jaguar Land Rover remain available to previous owners, according to security experts and owners of the upmarket vehicles. The car maker has defended its privacy safeguards and security of its InControl tech. El Reg began investigating the issue after talking to Matt …

Page:

  1. Anonymous Coward
    Anonymous Coward

    From personal experience of being within JLR dealers, it's too much faff for sales droids to 'unbind' a VIN, regardless of what the dealer minimum standards document says..... bit like PDI battery tests ;-)

  2. uncle sjohie

    GDPR?

    Mayby someone should tell them about the GDPR?

    1. Anonymous Coward
      Anonymous Coward

      Re: GDPR?

      Hence why the V5 no longer shows the previous keeper

      1. Anonymous Coward
        Anonymous Coward

        Re: GDPR?

        >Hence why the V5 no longer shows the previous keeper

        As loved by "Dodgy Dave" Motors.

    2. IceC0ld Silver badge

      Re: GDPR?

      and I will doubt if it is JUST JLR that has this option available ?

      and therefore may we know how the other manufacturers go about the disconnect of old users from the data ?

    3. Benchops

      Re: GDPR?

      > It is important to note that when the initial customer accepts the terms and conditions of Remote Premium services that they are agreeing to unbind the vehicle from themselves when they sell it on.

      So the previous owner has agreed to a set of terms and conditions with ... whom? I don't think it's the dealership and it's certainly not any future owner of the car. Presumably with JLR (but possibly a 3rd party app owner??). In which case how do they propose to enforce the agreement (T&C) they have with the previous owner? It sure as heck isn't the new owner's responsibility to enforce that agreement!

      1. Roland6 Silver badge

        Re: GDPR?

        Re: So the previous owner has agreed to a set of terms and conditions with ... whom? I don't think it's the dealership and it's certainly not any future owner of the car.So the previous owner has agreed to a set of terms and conditions with ... whom? I don't think it's the dealership and it's certainly not any future owner of the car.

        Well if you buy a new car or a second hand car, through a dealer, effectively agree to two contracts: firstly with the manufacturer (eg. warranties) and secondly with the dealer for servicing etc.

        Remember one of the reasons dealers 'partner' with manufacturers is because it gives them a better business potential, so they aren't looking at the single new car sale but at the n-years of servicing etc. that will follow.

        One of the things I discovered about the Vauxhall scheme was that a car was registered to both its owner and to a dealership, specifically the dealership who sold the car to the customer. Thus if the original customer traded their car in at the dealership that originally supplied it, the online account termination process works. However, if the customer sells the car elsewhere, both their account and the dealers' control of it continues. Walk into another dealership and you find that they can't do anything (wrt account management), because the account is still owned. In saying the above nothing stops you from using the car and having it serviced wherever, just that if you want to take advantage of the online account and the benefits it gives, you have to unravel the online account ownership and transfer issue.

  3. fixit_f

    Expect nothing less of JLR. Awful company, utterly dreadful vehicles, don't touch them with a barge pole.

    1. David Shaw

      Land Rover pwned?

      A previous JLR model that we used for a (legitimate research ) Bluetooth attack was slightly flawed in having a BT pin that was fixed, immutable. It wasn’t the VIN code, but those guessing “00000” would only be one zero out!

      1. Camilla Smythe

        Re: Land Rover pwned?

        Yah-But

        Where do you put the missing zero AY?

        Lah-Dee-Dah 'legitimate research person'. Not looking so clever now are you?

        1. Anonymous Coward
          Anonymous Coward

          Re: Land Rover pwned?

          Maybe you have to remove a zero. See, this stuff is more complicated than you thought. You really should leave it to the experts.

          1. Camilla Smythe

            Re: Land Rover pwned?

            Sheesh! There's always one.

            Perhaps you are getting yourself confused by the OP saying "one zero out" and thinking that a zero needs to be removed but removing a zero leaves a space. Like that is really going to work in that the pin now has a space in it.

            00000

            00_00

            See?

            1. Anonymous Coward
              Anonymous Coward

              Re: Land Rover pwned?

              Noooo. You have *substituted* a space for a zero. You have to *delete* the zero.

              00000

              0000

              Get it?

              1. Camilla Smythe

                Re: Land Rover pwned?

                Fine... Have it your way but you have just proved my point. Neither I or anyone else would be able to easily tell which zero you removed.

                Anyway my methodology is also much more secure than yours since you can only remove one of five zeroes whereas I have six places where I can add a zero.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Land Rover pwned?

                  IT LITERALLY MAKES NO BLOODY DIFFERENCE!

                  00000

                  0000

                  0000

                  0000

                  0000

                  0000

                  THEY ARE ALL THE SAME!

                  1. Camilla Smythe

                    Re: Land Rover pwned?

                    All Caps and Swearing. I guess we can all see who is losing the argument here.

                    Anyway. How do I know that you did not cheat and just type five zeroes followed by five sets of four zeroes rather than doing it properly?

  4. 2+2=5 Silver badge

    GDPR to the rescue

    > JLR needs a bullet-proof method for this to be automatically disconnected when the vehicle changes hands. I don't know how you do this but the current process is clearly not sufficient."

    There is a bullet-proof method. It's called 'reminding' JLR that they can be fined up to 4% of global revenue because they are a data processor, processing personal information about you (your home address for starters) and allowing that information to be passed to an unknown 3rd party without your consent and without a clear business need.

    If they don't act immediately you can also 'remind' them that you can start a private prosecution - no need to wait for the ICO to review and take up your case.

    1. Anonymous Coward
      Anonymous Coward

      Re: GDPR to the rescue

      "no need to wait for the ICO to review and take up your case."

      So when will we start seeing an army of no win no fee ambulance chasing law firm advertisements?

      Until they start showing up, there's no evidence this ICO/GDPR process is working (for those affected), surely?

      1. Roland6 Silver badge

        Re: GDPR to the rescue

        >So when will we start seeing an army of no win no fee ambulance chasing law firm advertisements?

        1 Sep 2019.

        Why?

        PPI Deadline is 29 AUG 2019

        ...

        1. ridley

          Re: GDPR to the rescue

          What do they do on the 30th and 31st?

          1. robidy Silver badge

            Re: GDPR to the rescue

            Staff take their annual holiday quota in one go?

    2. Anonymous Coward
      Anonymous Coward

      Re: GDPR to the rescue

      Not having yourself removed isn't the problem. It's a problem if somebody doesn't get unbound from a car they sell and then they use it.

      You're hardly likely to unbind if you *want* to use it after you've sold the car.

    3. macjules Silver badge

      Re: GDPR to the rescue

      Actually all they need is a functionality similar to Tesla. Go to Backup and Reset and select Factory Data Reset. Car is completely reset and new user can register.

      Oh, they still retain all the previous user's data on their CRM? Naught JLR - have a 4% of turnover fine.

    4. Anonymous Coward
      Anonymous Coward

      Re: GDPR to the rescue

      "JLR needs a bullet-proof method for this to be automatically disconnected when the vehicle changes hands. I don't know how you do this..."

      This is an unreasonable demand to make of JLR because any such automatic bullet-proof method would be dependent upon a similarly bullet-proof system/process whereby JLR is informed of the sale of any of their vehicles, including private sales.

      I don't know how you do this...

      No, and neither does anyone else, because it would require a legal obligation on the part of the seller of a vehicle to notify the manufacturer of that vehicle when it is sold, for without such an obligation upon the seller there would be no means for the manufacturer to receive notice of the sale and transfer of ownership.

      And that's the problem with simplistic remedies like: "There is a bullet-proof method. It's called 'reminding' JLR that they can be fined up to 4% of global revenue..."

      Whilst there's clearly a problem here it's not simply down to the manufacturer, despite all the outrage and simplistic but flawed solutions.

      1. Anonymous Coward
        Anonymous Coward

        Re: GDPR to the rescue

        as macjules said above:

        "Actually all they need is a functionality similar to Tesla. Go to Backup and Reset and select Factory Data Reset. Car is completely reset and new user can register."

        That seems to be a simple and reasonable solution.

        The problem of someone, a valet or whomever, resetting this functionality while in the car is more difficult. It's a little like having guests or new acquaintances in your house. You hope and expect they're not going to be malicious.

        My personal preference would be to have none of tracking/"functionality" in the car in the first place.

        1. werdsmith Silver badge

          Re: GDPR to the rescue

          It's very much like activation lock on phones. If a previous owner doesn't "log out of itunes" or whatever the equivalent it, then it remains locked to the account of that previous owner.

          In days gone by it would be no effort at all to sell a car but retain a key copy, so you can go and help yourself to that car at any time it's unattended. Anyone going to do anything about that?

      2. sabroni Silver badge

        Re: it's not simply down to the manufacturer

        It's completely their responsiblity though. This isn't a bolt out of the blue revelation, it's something they were fully aware of throughout the development of this system. They were fully aware that people sell cars. If they didn't put in place a robust mechanism to deal with this fact then they are at fault.

  5. Roland6 Silver badge

    Same applies to other vendors...

    Having taken over a Vauxhall, I can see big issues concerning the transfer of the online information associated with secondhand vehicles. Whilst DVLC were quite happy to accept a signed V5C as proof of change of ownership.

    Getting Vauxhall to accept that I was the new owner of the vehicle, now sitting on to the forecourt of one of their dealers, and said dealer had seen my V5C and proof of Id/address etc. and so grant me access to the online service history and other useful information and benefits associated with said vehicle - which Vauxhall say on their website can be achieved by simply completing a web form...

    Expecting the current owner when selling their vehicle to do anything more than complete the V5C is a recipe for trouble.

    1. Lee D Silver badge

      Re: Same applies to other vendors...

      It won't be long before there's a SORN-like online process for transfer of ownership. The V5C should be an online document in this day and age, and there's no reason you can't have it tie into a Government Gateway account or similar like driving licences/passports do.

      Proof of ownership is then no different to the hire-car-codes for licensing. You generate a code, give that to the organisation asking for proof of ownership, they don't get all your details but have a proof that it MUST be you it's registered to.

      There's already electronic querying of finance status, write-off, insurance status, MOT status, driving licences, etc. Online car registration is just the next logical step. In fact, you can already do it: https://www.gov.uk/sold-bought-vehicle but it's the bit about proving it that needs to be added.

      Their incentive? With electronic registration, no more "no logbook" / "logbooks in the post" kind of sales , hoping that the seller sent it off in time, etc. - you just do it there and then with your smartphones, from the literal second of ownership. Which means they get the right person when you go through a camera with a brand new car.

      1. This post has been deleted by its author

      2. Roland6 Silver badge

        Re: Same applies to other vendors...

        >It won't be long before there's a SORN-like online process for transfer of ownership.

        There already is, I used it to take ownership of this vehicle earlier this year. Although they still want to see the paper copy returned with a signature in real ink on it and will send out a new paper V5C as confirmation.

      3. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: Same applies to other vendors...

      In 2016, a security researcher demonstrated turning heating on and off (As well are reading battery levels) across the internet on the Nissan Leaf, mostly by knowing the VIN.

    3. Voland's right hand Silver badge

      Re: Same applies to other vendors...

      online service history and other useful information and benefits associated with said vehicle

      Hate to spoil the party, but that service history may inadvertently contain information which personally identifies the previous owner and should require their consent. Example - car fails to start, major fault towed from the driveway to the dealer (happened twice to my neighbour's son). I would be surprised if the traces of that in the service history have been fully scrubbed from all personally identifiable details as required by GDPR

      Like it or not, the V5C transfer procedure is becoming woefully inadequate in the day and age of connected vehicles.

      In fact, we are rapidly approaching a moment when the V5C is the last part in the sales. Un/Re-registering everything related to the data leaching and connectivity to the new owner will be going before that.

      1. Roland6 Silver badge

        Re: Same applies to other vendors...

        >Example - car fails to start, major fault towed from the driveway to the dealer (happened twice to my neighbour's son). I would be surprised if the traces of that in the service history have been fully scrubbed

        From the information you provided, even knowing the dealership who repaired the vehicle was Monty's of Hereford, you would be had pushed to identify a person; naturally, if I'm buying the car off you, I would easily be able to determine your contributions to the service history, that is unavoidable.

        However, given you would have consented to data collection and the sharing of data with selected third-parties at the time of sign-up/vehicle purchase...

    4. David Shaw

      Re: Same applies to other vendors...

      A friend was driving his BMW X-something recently, on the motorway. He got a phone call on his hands-free infotainment system; “good morning Dr. D., we’ve noticed that it’s about time to change your brake-pads. We do have a slot tomorrow at 2pm if you’d like” this call came from the local city‘s big beemer dealership. They seemingly received live telemetry the second that an amber light came on, my colleague only noticed his dashboard display warning/advising about brakes after the phone-call. He was certain that there were no alarms at the start of his journey. Westinghouse brake & signal company SCADA with remote terminal management comes to cars! Dr. D. immediately booked a brake pad replacement at anywhere other than the city’s main-dealer.

      They are probably using the E-911/E-112 channel etc

      One thing about a 1973 Series III diesel landy is that it not only Carrington event immune, but also lacks any SCADA telemetry, for good or ill?

      1. therebel

        Re: Same applies to other vendors...

        Correct, they do receive live telemetry but only if you opt into it.

  6. Graham Cobb Silver badge

    New owner must be able to disconnect seller immediately from the vehicle

    Car manufacturers must put a "disconnect car from current account" function within the vehicle itself so that the new owner can do the disconnect before driving a single metre after buying the car.

    If there is a concern about theft then the back end for the function can be made more complex: still collect the data but prevent the previous owner from accessing the data or controlling anything. The police can still have access to the data (for example with a warrant) but the previous owner does not unless they go through a process to reclaim the car (disputing that ownership has been transferred). Meanwhile, the person with control of the car immediately has full access and control (although only to data from the moment of claiming the account).

    It is not reasonable to require any co-operation from the previous owner, nor to allow any access from one of the users to data about the other's usage, nor any complex process of proving ownership to a third party such as JLR or a dealer (control of the car should be sufficient). The tiny number of cases of theft or disputed ownership would be the cases which have the complex process, probably involving a court.

    1. Anonymous Coward
      Anonymous Coward

      Re: New owner must be able to disconnect seller immediately from the vehicle

      Which would be nice, but InControl has the ability to work as a stolen vehicle tracker. Enabling the current person in the car to disable this kind of defeats the purpose.

      How JLR is supposed to know the vehicle has changed hands outside of its dealer network is beyond me, in the event he was able to get this resolved after contacting a JLR dealer.

      1. Danny 14

        Re: New owner must be able to disconnect seller immediately from the vehicle

        @AC: you phone JLR, they check DVLA data. You confirm with JLR your identity. voila! system reset.

        It seems that JLR dont want to do this though.

      2. JetSetJim Silver badge
        Stop

        Re: New owner must be able to disconnect seller immediately from the vehicle

        > Enabling the current person in the car to disable this kind of defeats the purpose.

        Push and hold button for ten seconds, car connects to server. If not registered, follow existing procedure. If registered, fire emails/phonecalls to current registered owner to get confirmation of account deletion. No response, do nothing. Repeat attempts generates intervention from a meat sack to work out what's going on (e.g. if previous owner has died, and other edge cases)

        When you buy a 2nd hand car, just keep pressing the button every day until it registers. If I just had to 'click here to login and confirm', it would be easier than remembering where I put the booklet with the URL in (probably the glove box anyway).

        Sure, there's still the case where a thief nicks your phone and keys, but I'm sure the existing tracking can cope with that.

      3. eldakka Silver badge

        Re: New owner must be able to disconnect seller immediately from the vehicle

        > Enabling the current person in the car to disable this kind of defeats the purpose.

        As per the OP you are replying to (emphasis mine):

        If there is a concern about theft then the back end for the function can be made more complex: still collect the data but prevent the previous owner from accessing the data or controlling anything. The police can still have access to the data (for example with a warrant) but the previous owner does not unless they go through a process to reclaim the car (disputing that ownership has been transferred).

  7. Kevin Johnston Silver badge

    Contact Previous Owner

    A lovely sentiment but if this is the 3rd/4th owner then how do you backtrack to find the one that the car is bound to? As mentioned, you cannot rely on the V5 to hold all the previous keeper details so how is Joe Public supposed to go about this?

    The proper, and in fact only, solution is for there to be the disconnect button #Graham Cobb suggests.

    1. Roland6 Silver badge

      Re: Contact Previous Owner

      >The proper, and in fact only, solution is for there to be the disconnect button #Graham Cobb suggests.

      Not needed, the data is already available from DVLA, however DVLA charge for this records checking service...

      I suspect the real problem is with the manufacturers own systems not being able to easily handle this natural transfer ofownership.

      1. Mark 85 Silver badge

        Re: Contact Previous Owner

        I suspect the real problem is with the manufacturers own systems not being able to easily handle this natural transfer of ownership.

        Some of this could be simply rectified by the manufacturer just needing to change the "owner" on the data file and lock out previous data when that changes. With the dealer "lockin" that gives the dealer the ability to pressure sell new vehicles and at this point, who's paying the dealer to this "data transfer" work? From the tone of the article, not only is this process rather undefined by the manufacturer but there's no incentive (legal or otherwise) for them to do something that costs bit of money.

        1. HolySchmoley

          Re: Contact Previous Owner

          '... and at this point, who's paying the dealer to [do] this "data transfer" work? From the tone of the article, not only is this process rather undefined by the manufacturer but there's no incentive (legal or otherwise) for them to do something that costs bit of money.'

          Adhering to the law is a cost of doing business and remaining legal is the reward. Otherwise you are some sort of Del Boy outfit, or worse.

          The idea that someone should be 'paid' to adhere to the law isn't one that the societies we live in are built upon.

          Personally, I approve of GDPR applying some constraints and penalties to control the sort of 'big business' that has surreptitiously slimed its way into spying on citizens for their own ends.

          YMMV, obviously. Hitler, Lenin and others would doubtless have approved of corporate surveillance, the results of which governments get for free. Doubtless their ilk will do so again. Even in 'Western democracies'.

  8. Mark #255

    Hire car data

    Not the same, but related:

    I was Quite Interested to note that the hire cars I've used since GDPR came into force have all had empty sat nav histories and no other phones in the Bluetooth history (this never used to be the case).

    At least someone appears to be on the ball.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hire car data

      Some manufacturers disable the connected stuff for fleet sales. FCA do.

      1. Danny 14

        Re: Hire car data

        most transit van hires still have bluetooth. I hired one from enterprise just 3 weeks ago, it had a load of bluetooth history in its connection page.

        1. John Brown (no body) Silver badge

          Re: Hire car data

          "most transit van hires still have bluetooth. I hired one from enterprise just 3 weeks ago, it had a load of bluetooth history in its connection page."

          If it's just a list of phone numbers, well, that's pretty much public information anyway. Unless it has names and/or dates and the calling number as well as the called number, it shouldn't be a problem.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020