1

Many modern cars feature Bluetooth connections and USB ports that allow passengers to connect them with mobile phones and digital music players (and smartphones, which serve as both). Is it safe to use these features in rental cars? Could data on the device be stolen? Could the devices themselves be compromised or damaged?

My main concern is that rental cars in particular are security risks because I don't know how much to trust the car end of the connection. (For the purposes of this question, shared vehicles from services like Zipcar count as rentals.) A few sample scenarios: rental companies installing modified firmware themselves just to collect customer data for their own analyses; malicious previous renters installing malware into the car's systems; and non-malicious previous renters unwittingly loading badware simply by connecting infected devices. Those are only examples; feel free to describe other schemes you are aware of.

At the risk of making this question too broad, I don't care whether the connection is physical (USB) or digital (BT), but I would like to know if there are differences between the two, such as one of the methods somehow being more secure than the other.

Also, this question is not about inherent issues with general car-device connectivity. For better or for worse, I'm willing to trust brand-new cars I buy from dealerships, and friends' cars. Security issues present in "factory fresh" vehicles would be a separate question (if that question has already been asked, though, I would appreciate a link).

Pops
  • 241
  • 4
  • 10
  • The Bluetooth part boils down to "What can a paired Bluetooth device do to mine?", which has already been answered in ["What can an attacker do with Bluetooth and how should it be mitigated?"](http://security.stackexchange.com/questions/26356/what-can-an-attacker-do-with-bluetooth-and-how-should-it-be-mitigated). The USB part has already been answered in [Protecting cellphones from USB attacks (a.k.a. Juice Jacking)](http://security.stackexchange.com/questions/7687/protecting-cellphones-from-usb-attacks-a-k-a-juice-jacking) – Adi Jun 19 '13 at 14:12
  • The questions suggested as duplicates are certainly useful, but I disagree that they're duplicates. They don't address the issue of whether it's possible for cars to be compromised in the first place, and if so, the differences between compromised cars and other compromised devices. (If there are no differences, well, I still need to know that.) – Pops Jun 19 '13 at 14:36
  • @LordTorgamus USB and Bluetooth interfaces in cars are functionally no different from those found elsewhere. Compromise of those systems is therefore just as simple, given indefinite unsupervised physical access (which even your factory & dealership employees will have), as with any other. – Iszi Jun 19 '13 at 14:39
  • @Iszi hrm, exactly what I expected but did not want to hear. Okay, fair enough. (For what it's worth, I wasn't thinking that there was any _technical_ difference on the dealership end of things; I just _trust_ them more.) – Pops Jun 19 '13 at 14:49

0 Answers0