Connected car in the second-hand lot? Don't buy it if you're not hack-savvy

Nothing will be done

until there is a sensational case of a former owner doing something unspeakable to a young...

"Without naming the machine's maker"

Not many cars around that use apps to control them .. dare I mention Tesla? The procedure for transferring ownership is pretty hard:

Old owner:

DVLA transfer

Log out of the app

Inform Tesla of the transfer of ownership and also send a copy of the registration

New owner is required to inform Tesla of:

Colour copy or photo of current driver’s licence

Copy or photo of vehicle registration

Phone Number

Email Address (the email use for My Tesla Account)

Home or mailing address

Might be easier to buy a much older car that doesn't have apps to control it.

(PS: I'm a Tesla owner)

Now ask me why ...

... I drive pre-1970 "enhanced restorations". (There are a couple from 1972 in the fleet, and the Peterbilt is this century ... ).

Sigh

It just goes to show that a jammer is no longer a luxury :(.

Second-hand cars not safe?

I see the entire car industry weeping huge tears as they glide to the edge of the river and sun themselves on the bank.

Factory reset - default passwords and security

The factory reset may well be wiping all the customisations and resetting the security - however it is probably also going to reset the access ccodes/passwords/security tokens to the original values. If the original owner did not change them (if possible) on purchasing the car then any of his/her apps that had remote access to the car would still work. For a pre-owened car with remote access to be secure REQIRES the new owner to immediately change the access codes etc or to disable the remote access (eg by removing the antenna or wrapping it in foil).

Fortune 500

"even Fortune 500 companies have trouble managing access and identity revocation properly."

Not the one I used to work for though. Best IT infrastructure I've ever seen, by a nautical mile and three chains.

Doesn't have to be smart ...

... I've had numerous hire cars where the phone book still has other people contacts in, and the GPS still has "home" in it.

Pretty sure it's brand dependent

BMW makes it nearly impossible to connect to your own car. In many cases you can't even connect to a car you properly own. I'm pretty sure that their system which is paranoid strict about device connectivity won't let the new owner connect unless the old owner first releases it.

to quote him, “identity management for devices is best served when it's centralised.”

to quote him, “identity management for devices is best served when it's centralised.”

Bollocks. What an idiot. Just the opposite. Run a CA on the car and have a "regenerate car certificate procedure" or "revoke all old keys" procedure.

1. Any device can be a smart lock/unlock - key, phone, you name it. Provided it can do STRONG crypto. The mere fact that you have managed to establish a connection means that you are legit. No pins, no passwords, no keys. Client cert, server cert. Most basic public key cryptography. Nearly all devices of interest (phones, etc) on the market have TPMs so the key cannot be stolen/recovered without access to NSA level resources to do direct surgery on the chip.

2. The "centralized identity management" does not belong. Sorry, any backdoor is a hackable backdoor. I do not see the rationale for using a weak, crippled and backdoored solution when you can run a strong one. It does not matter which brain rotting disease is at play "realtime embedditis - roll your own crypto" or "web 2.0 oAuthitis - use a token everywhere". There is no technical need for either.

3. The compute resource available in a normal car can run a proper CA. Running a cut-down one just to manage keys for for devices and their associated permissions is a trivial job.

The only potential role for a centralized point is to be a locator, the auth should still be completely in the OWNER's hands, not be rented out to a central identity management racketeering outfit.

Consumables

"The problem is pretty obvious: much of the industry is treating products as consumables, and any attention that's paid to security is focussed on the first buyer."

This has ALWAYS been the problem. The consumer model is broken because vendors only ever consider their own leg of the product lifecycle - sourcing components and materials from suppliers, and selling the product to consumers. Often no thought is put into where the raw materials actually come from, nor what happens to the product when it becomes waste after the end consumer finishes with it ... which has long led to serious environmental and social consequences which capitalist society does its best to ignore.

Fingerprint readers

I suggest fingerprint readers that enable & encrypt this level of data owner by owner.

No live finger print - no apps.

There would be a service / valet key as required - but apps / settings would only be enabled by the fingerprint reader. Perhaps the ignition key does what it does now, and the fingerprint does the rest.

The reader scans several fingers for each driver as part of the setup in case of chopping board injuries, and scans for a pulse to make sure someone hasn't done something gruesome.

Those who want to avoid apps on their car entirely, seeing apps as truly the work of the devil, only use the service key and never the fingerprint reader. This turns the object into a car again.

The majority, who will want apps, use the fingerprint reader.

Something will need to evolve because once the driver has bags of time because the car drives, they will want connections / apps to do work / leisure in the car. Those who only use the valet key will install a library shelf for books to read during traffic jams.

When you sell the car & key you can wipe your settings / fingerprint entirely (perhaps with combined use of the service key and your fingerprints) or trust that the encryption level will be good enough to keep hackers out. Those with a different mind-set will not think about it anyway and still get the same result.

By the time the iPhone 100 can hack the encryption level of your one-time car, you should have changed passwords anyway, or indeed be dead and not caring as much.

The criminals are already using this weakness

I know directly of 2 examples near me, somewhere on mainland Europe. Both people bought late model BMW's secondhand from Germany. Within 24hrs, one of them had been pinched from inside the guy's garage. It seems they hide a gizmo in the car to clone the signal for automatic garage doors which can then be operated remotely. Whoever did it had full access to the car, despite the owner having both car keys. The 2nd had his car pinched off his driveway 2 days after driving it home from Germany. I bet those 2 cars have been sold and stolen by the same people many times

They car should automatically delete any old 'key' or paired device when a new one is entered. If you want to sync multiple devices there should be a small temporal window where all devices need to be present to check in. Any other method simply means that when you drop your car off with the valet or mechanic or whatever the car is exposed to being connected with any number of devices beyond your control and without your knowledge. There's no need for the car to be second hand, all that's needed is access.

Smart Lusers

What about a smart car that gets stolen? I guess they can be more easily located by an app. if you do not start disabling stuff. Then again the odds are high it is already in a chop shop or on a boat to some third world country. If my car got stolen I'd reset all that I could, asap. I would not expect law enforcement to have a process for a stolen smart car that is different from a non-smart car. I'd just ask for the police report for insurance purposes. Then there is the insurance company - liability clauses!!!

Who was the genius who determined that smart cars are a user benefit ? Seems the benefit got misplaced.

Surely this needs to no more complicated than every now and then the car popping up an alert on the dash saying "I've still got these devices with valid access tokens, do you want to keep them? Ok so that gives a window where it might still work but if it's once a month that's not too bad.

Or it could do it when you pair a new Bluetooth device "got a new phone? Do you want to deal register the old one?"

Mercedes do an add on "my mercedes" that you can buy and retro fit to my car, it's a plug in module so when you sell the car you can remove it, or the new buyer can unplug it and get a new one.