At the RSA security conference last week in San Francisco, IBM’s X-Force Red leader Charles Henderson told a twisted tale of a car he couldn’t get rid of. Despite the fact that he’d sold his old car and gotten a new one, his previous vehicle’s controls were still accessible through its shoddy app.
Being a hacker, he was very careful when he traded his old car in at the dealership. He wanted to make sure none of his personal information went with it, so he performed factory resets on everything and de-authorized all the accounts connected to the car.
He took great pains to make sure the car was transferred securely.
When he got home with his new vehicle, he noticed the old one was still listed on his app. He waited for it to go away.
He thought it would take a few days to clear out of the connected car system. Days turned into weeks, then months. After two years, he became a car-app hacker to figure out exactly what was going on. Shockingly, as noted in his RSA talk, “four years later, I still have control of the car.” He added, “If I were a criminal, I could’ve stolen the car.”