Compiled by: Code Guard
Mozilla analyzed 25 of the world's largest car companies and concluded that they were failing in terms of privacy and security. These car companies often collect large amounts of personal data and share it with others without users’ explicit consent.
Mozilla's "No Privacy" project analyzed the privacy policies and applications of these 25 car companies, including: BMW, Renault, Subaru, Fiat, Jeep, Chrysler, Volkswagen, Toyota, Lexus, Ford, Audi, Mercedes-Benz, Honda, Lincoln, Acura, Kia, GMC, Chevrolet, Hyundai, Nissan and Tesla.
According to the research project, the privacy policy documents provided by these car companies show that they inform customers that they collect a large amount of data, including health and genetic information, race, immigration status, weight, facial expressions, location, driving speed, multimedia content and even sex life. This data is gathered via mobile apps, dealers, corporate websites, vehicle telemetry, sensors, cameras, microphones and in-car connected phones.
Mozilla ranked companies based on data usage, data control, track record and security. The top performers were Renault and its subsidiary Dacia, both European companies required to comply with the GDPR. The worst performers were Nissan and Tesla. Nissan collects information about users' sex lives, while Tesla ranks at the bottom because, in addition to failing the privacy and security checks, it also uses "untrustworthy AI".
Large car companies have generally reported data security incidents in which customers' personal data was leaked. The privacy policies of more than half of the car companies state that they can share the information collected with law enforcement and government agencies. In addition, 84% of car companies said they could share personal data with service providers, data brokerage companies, etc., while 75% said they could sell the collected personal data.
In many products that include a web component, customers are required to accept a privacy policy before purchasing the product. In an automotive product, the passenger is usually assumed to agree to these policies. Mozilla said, "For example, Subaru stated that passengers are considered users, and as users, they have agreed to its privacy policy. Several car companies also mentioned that it is the driver's responsibility to inform passengers of the car's privacy policy." The company also said, "Customers can choose not to use the car app or try not to use these connected services, but that means the car doesn't work properly or at all. Unless buying an older model, the customer has very little control and choice over privacy rights. We believe that legislatures and policymakers are behind it."
The researchers tried to clarify their privacy policies with the car companies they analyzed, but only Mercedes-Benz gave a vague statement.
Mozilla concluded that the automotive industry performed the worst among the product types covered by the Privacy Free program. "We are concerned about the amount and sensitivity of the information collected by car companies. From their track record, we don't think they will keep this information safe. And we think that information is shared or sold to benefit from this data," the company said. "We also worry that this is just the beginning. We worry that new sensor technology will help automakers create, collect, combine and sell even more user information."
Original link
https://www.securityweek.com/25-major-car-brands-get-failing-marks-from-mozilla-for-security-and-privacy/
This article was compiled by Qi Anxin and does not represent the views of Qi Anxin. Please indicate "Reprinted from Qianxin Code Guard https://codesafe.qianxin.com" when reprinting.