Skip to main content

The infotainment systems in modern vehicles contain reams of data.

artisteer/iStockPhoto / Getty Images

Most people understand the privacy risks when selling or disposing of a personal computer or cellphone. The same awareness, however, doesn’t seem to be translating to the vehicles we drive when it comes time to trade them in for a new model.

“I should perceive selling my car like I was selling my laptop,” says Mahesh Tripunitara, a professor of electrical and computer engineering at the University of Waterloo. “That is really the right way to do it, because that is what a car is.”

According to a 2019 study by McKinsey and Co., cars today can collect up to 25 gigabytes of data an hour. The information could include location, speed and other vehicle dynamics, or even what channels you listen to on SiriusXM radio. It’s all collected by the manufacturers and, depending on the vehicle’s in-car entertainment and navigation system, some of that information is shared with third parties.

Story continues below advertisement

Your car also collects personal information in other ways. If you sync your phone with your infotainment system, your contact list, texts, phone calls, photos and even internet passwords will live on in its memory. Your in-car GPS will record addresses and routes. And without proper steps taken, your personal data will be accessible to car thieves or, perhaps more innocuously, the next owners if and when you sell your vehicle.

Tripunitara says that there is a real danger in private information, such as addresses or credit card numbers, being used for nefarious purposes. And all because the owner forgot about it, didn’t know or just didn’t care.

“I think most people don’t realize how valuable their data is to somebody else,” he says. “If I told my neighbours that their cars have their home addresses, I suspect most of them wouldn’t care.”

The potential risks were showcased earlier this year in April, when a hacker was able to purchase used Tesla infotainment systems on eBay and obtain sensitive data on their former owners. According to reports, the systems contained home and work locations, saved WiFi passwords, phone-calendar entries and even full call lists from previously paired phones. Tesla is not the only automaker facing these problems.

Bob Elder, the chief executive officer of Teel Technologies Canada, sees this firsthand. Teel is a digital-forensics company that specializes in recovering data from devices for law enforcement or insurance purposes.

“Our company gets these infotainment systems off of eBay or other sources like recyclers, for training purposes,” he says. “And during our research and training, we’re able to see data from multiple cellphones, multiple sources, because they’re not being wiped before they’re sent to a junkyard.”

Infotainment systems have a built-in way to “erase” their memories, which resets them to factory settings and makes them work as if new. How to do this can be found in your user’s manual. But this simply deletes the path, or directory, to the data, which remain on the drive. Home computers can use software to overwrite the data, but that extra precautionary step is not available for cars.

Story continues below advertisement

“For layman use, [a reset is] good enough. If you’re really concerned, and you’re worried that someone would have access to the memory, companies like ourselves can do advanced processes to gain access to these … But we’d have to be goal-orientated to go to that level,” Elder says, adding that someone would have to be highly motivated and knowledgeable to do the work necessary to access the data.

A better idea, according to the U.S. Federal Trade Commission, is to also go through the unit’s features manually, such as deleting your contacts list, cancelling or transferring subscription services such as SiriusXM, changing or cancelling your garage-door opener codes if you have them, and even deleting all music or videos yourself. An app called Privacy4Cars can take you step-by-step through the data-deletion process of any modern vehicle.

“If the owner’s cellphone has been synced to the car’s infotainment system, it would be a good idea to destroy any data transferred to the car before selling or disposing of the vehicle,” Elder says.

This problem doesn’t just pertain to your own vehicle, either. Many people oblivious to the threat will think nothing of syncing their phones with a rental car, which can have far greater consequences, considering the number of unknown people who will get in that same car later.

“For the most part, if you’re renting a car and using the GPS, you’ve got nothing to worry about,” Elder says. “If you’re going to McDonald’s or to a hotel, no one knows who you are. It’s when you’re syncing your phone that it gets more personal. You’re exposing your own personal information and other people’s, because your contacts get thrown over, so now you’re exposing all your contacts.”

Tipunitara also places some of the blame on tech companies, the public’s lax attitude toward privacy, and car companies that offer more and more tech-reliant features without sufficient regard to protecting people’s personal data.

Story continues below advertisement

He points to the likes of YouTube and Twitter. While they have recently begun policing what appears on their sites, they have in the past avoided that responsibility by referring to themselves as “infrastructure providers, not content providers.”

Ultimately, in the case of your vehicle and its collected information, especially when it comes to the infotainment unit, it’s up to the owner or renter to protect themselves.

“A car maker sells cars; content is not their game,” he says. “It’s not seen as a computer, and they’re not telling you to upload your [personal] data. That’s your problem.”

Shopping for a new car? Check out the new Globe Drive Build and Price Tool to see the latest discounts, rebates and rates on new cars, trucks and SUVs. Click here to get your price.

Stay on top of all our Drive stories. We have a Drive newsletter covering car reviews, innovative new cars and the ups and downs of everyday driving. Sign up for theweekly Drive newsletter, delivered to your inbox for free. Follow us on Instagram,@globedrive.

Your Globe

Build your personal news feed

  1. Follow topics and authors relevant to your reading interests.
  2. Check your Following feed daily, and never miss an article. Access your Following feed from your account menu at the top right corner of every page.

Follow topics related to this article:

View more suggestions in Following Read more about following topics and authors
Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies