Tag Archives: cybersecurity

Smartphones & Rental Car: Forget Me Not

Are you leaving a shadow at the car rental?

“Please remove your personal possession from the rental car… as well as your personal data… or….forget me not!”

We are all familiar with the first part of that announcement when we drop-off a rental car, particularly if we return it to an airport location. Unless you have rented a very recent model, you may not know that your digital data could stay with the car long after you have shut the trunk, grabbed your bags, and caught your flight.

With a smaller rental car agency, you may have encountered the Bluetooth display that lists past drivers as it searches for a pairing. Bigger rental agencies may be more savvy about clearing this screen. In 2015, it came to light that pairing a smartphone to a car’s Bluetooth system could leave a digital trace.   This trace might include your phone number, call list, and even contacts, unless you took efforts to delete it.

In 2016, an English cybersecurity expert, David Ward, indicated that additional steps were needed.  In a talk at the Institute of Engineering and Technology he said, “in a hire car I paired a mobile device (…) needless to say, when it went back to the rental station, there weren’t any paired devices listed in the memory (…) but all that means is they were deleted from the list; someone that could physically get hold of that unit could probably still extract the data.”  (Note: Mr. Ward,  of MIRA,  was not specific about ‘where’ this information is stored but a later zdnet item indicates it is within the car’s infortainment system.)

More recently, both Google and Apple have announced Bluetooth type systems that are supposed to reduce the risks.  Apple CarPlay and AndroidAuto are supposed to display information from the smartphone without storing it. Cars equipped with these systems  may eliminate the current risks to your data (note: or create new ones).

Meanwhile, most rental cars do not have have these systems, and it will be a while before the technology diffuses through the fleet. As an interim measure, we can remember before we set up Bluetooth, to not sync the contacts.  It has also been suggested that we allow extra time when we return a rental car so that we remember to clear it from the Bluetooth pairing!!  The full recommendation is to do a complete factory reset of the Bluetooth (you might need to ask the rental agency to assist).  Apparently, the car’s navigation system will also need to be reset and cleared of its cookie-crumb trail.

Perhaps CarPlay and Android Auto will reduce the leakage of data, and drivers will be more assured that their information will remain private. That will also require that users trust these new systems, and possibly consider paying a monthly fee too.  One solution begets another problem, yet an even more bigger one.

The pairing of the smartphone and mobility brings ‘human sized’ challenges. The simplicity and ease of using Apple Play or Android Auto will encourage drivers and their passengers to interact with their smartphones more frequently. The developers overlook human issues: the cognitive burden of doing this is two-way, quite different from the interaction with simpler things, like a manually operated , turn knob, car radio. As our technology grows and our privacy does a reset, so does out ability to distract the driver even further.