<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.96 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<!-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  Please do not edit <ul class="blurbs">!
    Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
           See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Malware In Cars
- GNU Project - Free Software Foundation</title>
<link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" />
 <!--#include virtual="/proprietary/po/malware-cars.translist" -->
<!--#include virtual="/server/banner.html" -->
<div class="nav">
<a id="side-menu-button" class="switch" href="#navlinks">
 <img id="side-menu-icon" height="32"
      src="/graphics/icons/side-menu.png"
      title="Section contents"
      alt=" [Section contents] " />
</a>

<p class="breadcrumb">
 <a href="/"><img src="/graphics/icons/home.png" height="24"
    alt="GNU Home" title="GNU Home" /></a> /
 <a href="/proprietary/proprietary.html">Malware</a> /
 By product /
</p>
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#include virtual="/server/top-addendum.html" -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
<h2>Malware In Cars</h2>

<div class="infobox">
<hr class="full-width" />
<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
href="/philosophy/free-software-even-more-important.html">that is the
basic injustice</a>. The developers and manufacturers often exercise
that power to the detriment of the users they ought to serve.</p>

<p>This typically takes the form of malicious functionalities.</p>
<hr class="full-width" />
</div>

<div class="article">
<div class="important">
<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
to inform us. Please include the URL of a trustworthy reference or two
to serve as specific substantiation.</p>
</div>

<div class="column-limit" id="malware-cars"></div>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202409200">
    <!--#set var="DATE" value='<small class="date-tag">2024-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Kia cars were built with a back door that enabled the company's
    server to locate them and take control of them. The car's owner had
    access to these controls through the Kia server. This in itself
    is not objectionable. However, that Kia itself had such control
    is Orwellian, and ought to be illegal. The icing on the Orwellian
    cake is that the server had a security fault which <a
    href="https://samcurry.net/hacking-kia">allowed absolutely anyone to
    activate those controls</a> for any Kia car.</p>

    <p>Many people will be outraged at that security bug, but this was
    presumably an accident. The fact that Kia had such control over cars
    after selling them to customers is what outrages us, and that must
    have been intentional on Kia's part.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202403110">
    <!--#set var="DATE" value='<small class="date-tag">2024-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://web.archive.org/web/20240311120515/https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html">
    GM is spying on drivers</a> who own or rent their cars, and give
    away detailed driving data to insurance companies through data
    brokers. These companies then analyze the data, and hike up insurance
    prices if they think the data denotes “risky driving.”
    For the car to  make this data available to anyone but the owner or
    renter of the car should be a crime.  If the car is owned by a rental
    company, that company should not have access to it either.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202311080">
    <!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Recent autos offer a feature by which the drivers
    can connect their snoop-phones to the car.  That feature <a
    href="https://therecord.media/class-action-lawsuit-cars-text-messages-privacy">
    snoops on the calls and texts</a> and gives the data to the car
    manufacturer, and to the state.</p>

    <p>A good privacy law would prohibit cars recording this data about
    the users' activities.  But not just <em>this</em> data—lots of
    other data too.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202309080">
    <!--#set var="DATE" value='<small class="date-tag">2023-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>BMW has <a
    href="https://www.forbes.com/sites/alistaircharlton/2023/09/07/bmw-drops-controversial-heated-seats-subscription-to-refocus-on-software-services/">
    retreated from making car owners pay for a subscription to the heated
    seats feature</a>.</p>

    <p>Customers rejected it. Bravo for them!</p>

    <p>Instead BMW plans to require subscriptions for digital services
    and disservices—things related to the Orwellian tracking done
    by any “connected” car.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202309060">
    <!--#set var="DATE" value='<small class="date-tag">2023-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>In an article from Mozilla, every car brand they researched <a
    href="https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/">
    has failed their privacy tests</a>. Some car manufacturers explicitly
    mention that they collect data which includes “sexual
    activities” and “genetic information”. Not only
    collecting any of such data is a huge privacy violation in the first
    place, some companies assume drivers and passengers' consent before
    they get in the car. Notably, Tesla threatens that the car may be
    “inoperable” if the user opts out of data collection.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202307040">
    <!--#set var="DATE" value='<small class="date-tag">2023-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.theguardian.com/technology/2023/jul/04/smile-youre-on-camera-self-driving-cars-are-here-and-theyre-watching-you">
    Driverless cars in San Francisco collect videos constantly</a>, using
    cameras inside and outside, and governments have already collected
    those videos secretly.</p>

    <p>As the Surveillance Technology Oversight Project says, they are
    “driving us straight into authoritarianism.” We must <a
    href="/philosophy/surveillance-vs-democracy.html">regulate <em>all</em>
    cameras that collect images that can be used to track people</a>,
    to make sure they are not used for that.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202304060">
    <!--#set var="DATE" value='<small class="date-tag">2023-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Tesla cars record videos of activity inside the car, and <a
    href="https://arstechnica.com/tech-policy/2023/04/tesla-workers-shared-images-from-car-cameras-including-scenes-of-intimacy/">
    company staff can watch those recordings and copy them</a>. Or at
    least they were able to do so until last year.</p>

    <p>Tesla may have changed some security functions so that this
    is harder to do.  But if Tesla can get those recordings, that is
    because it is planning for some people to use them in some situation,
    and that is unjust already.  It should be illegal to make a car
    that takes photos or videos of the people in the car—or of
    people outside the car.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202304010">
    <!--#set var="DATE" value='<small class="date-tag">2023-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>GM is switching to a new
    audio/video system in its cars in order to <a
    href="https://edition.cnn.com/2023/04/01/business/gm-apple-play-evs/index.html">
    collect complete information about what people in the car watch or
    listen to, and also how they drive</a>.</p>

    <p>The new system for navigation and “driving assistance”
    will be tethered to various online dis-services, and GM will snoop on
    everything the users do with them.  But don't feel bad about that,
    because some of these subscriptions will be gratis for the first
    8 years.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202302280">
    <!--#set var="DATE" value='<small class="date-tag">2023-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Volkswagen <a
    href="https://pluralistic.net/2023/02/28/kinderwagen/">
    tracks the location of every driver, and sells that data to
    third-parties</a>. However, it refuses to use the data to implement a
    feature for the benefit of its customers unless they pay extra money
    for it.</p>

    <p>This came to attention and brought controversy when Volkswagen
    refused to locate a car-jacked vehicle with a toddler in it because
    the owner of the car had not subscribed to the relevant service.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202211301">
    <!--#set var="DATE" value='<small class="date-tag">2022-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Hackers discovered <a
    href="https://samcurry.net/web-hackers-vs-the-auto-industry/"> dozens
    of flaws in the security (in the usual narrow sense) of many brands
    of automobiles</a>.</p>

    <p>Security in the usual narrow sense means security against unknown
    third parties. We are more concerned with security in the broader
    sense—against the manufacturer as well as against unknown
    third parties. It is clear that each of these vulnerabilities can
    be exploited by the manufacturer too, and by any government that
    can threaten the manufacturer enough to compel the manufacturer's
    cooperation.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202208220">
    <!--#set var="DATE" value='<small class="date-tag">2022-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Tesla <a
    href="https://www.cnn.com/2022/08/22/business/tesla-fsd-price-increase/index.html">
    sells an add-on software feature that drivers are not   allowed
    to use</a>.</p>

    <p>This practice depends on a back door, which is unjust in
    itself. Asking users to buy something years in advance to avoid having
    to pay an even higher price later is manipulative.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202207300">
    <!--#set var="DATE" value='<small class="date-tag">2022-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The nonfree software in a Tesla artificially <a
    href="https://www.theguardian.com/business/2022/jul/30/will-connected-cars-persuade-drivers-to-pay-for-a-high-spec-ride">
    limits the car's driving range</a>, demanding ransom to unlock the
    battery's full charge.</p>

    <p>This is one more reason why cars must not be “connected.”</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202207140">
    <!--#set var="DATE" value='<small class="date-tag">2022-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>BMW is now luring British customers into <a
    href="https://edition.cnn.com/2022/07/14/business/bmw-subscription/index.html">
    paying for the built-in heated-seat feature of their new cars on a
    subscription basis</a>. People also have the option to buy the feature
    when they are paying for the car, but those who bought a used car have
    to pay BMW extra money to remotely enable the heated seats. This is
    probably done by BMW accessing a back door in the car software.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202207040">
    <!--#set var="DATE" value='<small class="date-tag">2022-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A bug in Tesla cars software  <a
    href="https://www.tweaktown.com/news/86780/new-app-allows-hackers-to-steal-teslas-by-making-their-own-keys/index.html">
    lets crackers install new car keys</a>, unlock cars, start engines,
    and even prevent real owners from accessing their cars.</p>

    <p>A cracker even reported that he was able to <a
    href="https://fortune.com/2022/01/12/teen-hacker-david-colombo-took-control-25-tesla-ev/">
    disable security systems and take control of 25 cars</a>.</p>

    <small>Please note that these articles wrongly use the word “<a
    href="/philosophy/words-to-avoid.html#Hacker">hacker</a>”
    instead of cracker.</small>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202111200">
    <!--#set var="DATE" value='<small class="date-tag">2021-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Hundreds of Tesla drivers <a
    href="https://www.theguardian.com/technology/2021/nov/20/tesla-app-outage-elon-musk-apologises">were
    locked out of their cars as a result of Tesla's app suffering from an
    outage</a>, which happened because the app is tethered to the company's
    servers.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202008181">
    <!--#set var="DATE" value='<small class="date-tag">2020-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>New Toyotas will <a
    href="https://www.theregister.com/2020/08/18/aws_toyota_alliance/">
    upload data to AWS to help create custom insurance premiums</a>
    based on driver behaviour.</p>

    <p>Before you buy a “connected” car, make sure you can
    disconnect its cellular antenna and its GPS antenna.  If you want
    GPS navigation, get a separate navigator which runs free software
    and works with Open Street Map.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M202007010">
    <!--#set var="DATE" value='<small class="date-tag">2020-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>BMW will remotely <a
    href="https://www.cnet.com/roadshow/news/bmw-vehicle-as-a-platform/">
    enable and disable functionality in cars</a> through a universal
    back door.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201912171">
    <!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Most modern cars now <a
    href="https://boingboing.net/2019/12/17/cars-now-run-on-the-new-oil.html">
    record and send various kinds of data to the manufacturer</a>. For
    the user, access to the data is nearly impossible, as it involves
    cracking the car's computer, which is always hidden and running with
    proprietary software.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201912110">
    <!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>As tech companies add microphones to a wide range
    of products, including refrigerators and motor vehicles,
    they also set up transcription farms where human employees <a
    href="https://getpocket.com/explore/item/silicon-valley-got-millions-to-let-siri-and-alexa-listen-in">
    listen to what people say</a> and tweak the recognition algorithms.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201909160">
    <!--#set var="DATE" value='<small class="date-tag">2019-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Tesla users claim Tesla <a
    href="https://www.reuters.com/article/us-tesla-battery/tesla-owner-lawsuit-claims-software-update-fraudulently-cut-battery-capacity-idUSKCN1UY2TW">force-installed
    href="https://www.reuters.com/article/us-tesla-battery/tesla-owner-lawsuit-claims-software-update-fraudulently-cut-battery-capacity-idUSKCN1UY2TW/">force-installed
    software to cut down on battery range</a>, rather than replace the
    defective batteries. Tesla did this to avoid having to run their
    warranty.</p>

    <p>This means that proprietary software can potentially be a way to
    commit perjury with impunity.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201904150">
    <!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p id="M201509210">Volkswagen programmed its car engine computers to <a
    href="https://www.petri.com/volkswagen-used-software-to-cheat-on-emissions">
    href="https://petri.com/volkswagen-used-software-to-cheat-on-emissions/">
    detect the Environmental Protection Agency's emission tests</a>, and
    run dirty the rest of the time. In real driving, the cars exceeded
    emissions standards by a factor of up to 35.</p>

    <p>Using free software would not have stopped Volkswagen from
    programming it this way, but would have made it harder to conceal,
    and given the users the possibility of correcting the deception.</p>

    <p>Former executives of Volkswagen are being <a
    href="https://www.theguardian.com/business/2019/apr/15/former-head-of-volkswagen-could-face-10-years-in-prison">
    sued over this fraud</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201903290">
    <!--#set var="DATE" value='<small class="date-tag">2019-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Tesla cars collect lots of personal data, and <a
    href="https://www.cnbc.com/2019/03/29/tesla-model-3-keeps-data-like-crash-videos-location-phone-contacts.html">
    when they go to a junkyard the driver's personal data goes with
    them</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201902011">
    <!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The FordPass Connect feature of some Ford vehicles has <a
    href="https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
    href="https://web.archive.org/web/20200530023040/https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
    near-complete access to the internal car network</a>. It is constantly
    connected to the cellular phone network and sends Ford a lot of data,
    including car location. This feature operates even when the ignition
    key is removed, and users report that they can't disable it.</p>

    <p>If you own one of these cars, have you succeeded in breaking the
    connectivity by disconnecting the cellular modem, or wrapping the
    antenna in aluminum foil?</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201812300">
    <!--#set var="DATE" value='<small class="date-tag">2018-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>New GM cars <a
    href="https://media.gm.com/media/us/en/gmc/vehicles/canyon/2019.html">
    offer the feature of a universal back door</a>.</p>

    <p>Every nonfree program offers the user zero security against its
    developer. With this malfeature, GM has explicitly made things even
    worse.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201811300">
    <!--#set var="DATE" value='<small class="date-tag">2018-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>In China, it is mandatory for electric
    cars to be equipped with a terminal that <a
    href="https://www.apnews.com/4a749a4211904784826b45e812cff4ca">
    href="https://apnews.com/article/north-america-ap-top-news-international-news-shanghai-china-4a749a4211904784826b45e812cff4ca">
    transfers technical data, including car location,
    to a government-run platform</a>. In practice, <a
    href="/proprietary/proprietary-surveillance.html#car-spying">
    manufacturers collect this data</a> as part of their own spying, then
    forward it to the government-run platform.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201810230">
    <!--#set var="DATE" value='<small class="date-tag">2018-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>GM <a
    href="https://boingboing.net/2018/10/23/dont-touch-that-dial.html">
    tracked the choices of radio programs</a> in its
    “connected” cars, minute by minute.</p>

    <p>GM did not get users' consent, but it could have got that easily by
    sneaking it into the contract that users sign for some digital service
    or other. A requirement for consent is effectively no protection.</p>

    <p>The cars can also collect lots of other data: listening to you,
    watching you, following your movements, tracking passengers' cell
    phones. <em>All</em> such data collection should be forbidden.</p>

    <p>But if you really want to be safe, we must make sure the car's
    hardware cannot collect any of that data, or that the software
    is free so we know it won't collect any of that data.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201711230">
    <!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>AI-powered driving apps can <a
    href="https://www.vice.com/en/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
    track your every move</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201709290">
    <!--#set var="DATE" value='<small class="date-tag">2017-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Bad security in some cars makes it possible to <a
    href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937">
    remotely activate the airbags</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201709090.1">
    <!--#set var="DATE" value='<small class="date-tag">2017-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Tesla used software to limit the part of the battery
    that was available to customers in some cars, and <a
    href="https://techcrunch.com/2017/09/09/tesla-flips-a-switch-to-increase-the-range-of-some-cars-in-florida-to-help-people-evacuate/">
    a universal back door in the software</a> to temporarily increase
    this limit.</p>

    <p>While remotely allowing car “owners” to use the
    whole battery capacity did not do them any harm, the same back
    door would permit Tesla (perhaps under the command of some
    government) to remotely order the car to use none of its battery. Or
    perhaps to drive its passenger to a torture prison.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201702170">
    <!--#set var="DATE" value='<small class="date-tag">2017-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The mobile apps for communicating <a
    href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/">with
    a smart but foolish car have very bad security</a>.</p>

    <p>This is in addition to the fact that the car contains a cellular
    modem that tells big brother all the time where it is.  If you own
    such a car, it would be wise to disconnect the modem so as to turn
    off the tracking.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201611060">
    <!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="http://jalopnik.com/america-figured-out-a-new-way-audi-cheated-on-emissions-1788630969">
    href="https://jalopnik.com/america-figured-out-a-new-way-audi-cheated-on-emissions-1788630969">
    Audi's proprietary software used a simple method to cheat on emissions
    tests</a>: to activate a special low-emission gearshifting mode until
    the first time the car made a turn.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201608110">
    <!--#set var="DATE" value='<small class="date-tag">2016-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Due to weak security, <a
    href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">it
    href="https://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">it
    is easy to open the doors of 100 million cars built by
    Volkswagen</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201607160">
    <!--#set var="DATE" value='<small class="date-tag">2016-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p id="car-spying">Computerized cars with nonfree software are <a
    href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html">
    snooping devices</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201602240">
    <!--#set var="DATE" value='<small class="date-tag">2016-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p id="nissan-modem">The Nissan Leaf has a built-in
    cell phone modem which allows effectively anyone to <a
    href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">
    access its computers remotely and make changes in various
    settings</a>.</p>

    <p>That's easy to do because the system has no authentication
    when accessed through the modem.  However, even if it asked
    for authentication, you couldn't be confident that Nissan
    has no access.  The software in the car is proprietary, <a
    href="/philosophy/free-software-even-more-important.html">which means
    it demands blind faith from its users</a>.</p>

    <p>Even if no one connects to the car remotely, the cell phone modem
    enables the phone company to track the car's movements all the time;
    it is possible to physically remove the cell phone modem, though.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201511194">
    <!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Caterpillar vehicles come with <a
    href="http://www.zerohedge.com/news/2015-11-19/caterpillar-depression-has-never-been-worse-it-has-cunning-plan-how-deal-it">
    href="https://web.archive.org/web/20201108113943/https://www.zerohedge.com/news/2015-11-19/caterpillar-depression-has-never-been-worse-it-has-cunning-plan-how-deal-it">
    a back door to shutoff the engine</a> remotely.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201508120">
    <!--#set var="DATE" value='<small class="date-tag">2015-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Security researchers discovered a <a
    href="http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text">
    href="https://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text">
    vulnerability in diagnostic dongles used for vehicle tracking and
    insurance</a> that let them take remote control of a car or lorry
    using an SMS.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201507214">
    <!--#set var="DATE" value='<small class="date-tag">2015-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Crackers were able to <a
    href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">
    href="https://arstechnica.com/information-technology/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">
    take remote control of the Jeep</a> “connected car”. They
    could track the car, start or stop the engine, and activate or
    deactivate the brakes, and more.</p>

    <p>We expect that Chrysler and the NSA can do this too.</p>

    <p>If you own a car that contains a phone modem, it would be a good
    idea to deactivate this.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201311130">
    <!--#set var="DATE" value='<small class="date-tag">2013-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.eff.org/deeplinks/2013/11/drm-cars-will-drive-consumers-crazy">
    DRM in cars will drive consumers crazy</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201306140">
    <!--#set var="DATE" value='<small class="date-tag">2013-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Tesla cars allow the company to extract
    data remotely and determine the car's location
    at any time. (See Section 2, paragraphs b and c of the <a
    href="https://www.tesla.com/sites/default/files/pdfs/en_US/tmi_privacy_statement_external_6-14-2013_v2.pdf">
    privacy statement</a>.) The company says it doesn't store this
    information, but if the state orders it to get the data and hand it
    over, the state can store it.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201303250">
    <!--#set var="DATE" value='<small class="date-tag">2013-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p id="records-drivers">Proprietary software in cars <a
    href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">
    href="https://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">
    records information about drivers' movements</a>, which is made
    available to car manufacturers, insurance companies, and others.</p>

    <p>The case of toll-collection systems, mentioned in this article,
    is not really a matter of proprietary surveillance. These systems
    are an intolerable invasion of privacy, and should be replaced with
    anonymous payment systems, but the invasion isn't done by malware. The
    other cases mentioned are done by proprietary malware in the car.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-cars.html. -->
  <li id="M201103110">
    <!--#set var="DATE" value='<small class="date-tag">2011-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>It is possible to <a
    href="http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/">
    href="https://www.pcworld.com/article/495592/with_hacking_music_can_take_control_of_your_car.html">  
    take control of some car computers through malware in music files</a>. 
    Also <a
    href="http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0">
    href="https://www.nytimes.com/2011/03/10/business/10hack.html">
    by radio</a>. More information in <a
    href="http://www.autosec.org/faq.html">
    href="https://web.archive.org/web/20240308015157/http://www.autosec.org/faq.html"> Automotive Security And
    Privacy Center</a>.</p>
  </li>
</ul>
</div>

</div>
<!--#include virtual="/proprietary/proprietary-menu.html" -->
<!--#include virtual="/server/footer.html" -->
<div id="footer" role="contentinfo">
<div class="unprintable">

<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF.  Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>

<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
        replace it with the translation of these two:

        We work hard and do our best to provide accurate, good quality
        translations.  However, we are not exempt from imperfection.
        Please send your comments and general suggestions in this regard
        to <a href="mailto:web-translators@gnu.org">
        <web-translators@gnu.org></a>.</p>

        <p>For information on coordinating and contributing translations of
        our web pages, see <a
        href="/server/standards/README.translations.html">Translations
        README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and contributing translations
of this article.</p>
</div>

<!-- Regarding copyright, in general, standalone pages (as opposed to
     files generated as part of manuals) on the GNU web server should
     be under CC BY-ND 4.0.  Please do NOT change or remove this
     without talking with the webmasters or licensing team first.
     Please make sure the copyright date is consistent with the
     document.  For web pages, it is ok to list just the latest year the
     document was modified, or published.
     
     If you wish to list earlier years, that is ok too.
     Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
     years, as long as each year in the range is in fact a copyrightable
     year, i.e., a year in which the document was published (including
     being publicly visible on the web or in a revision control system).
     
     There is more detail about copyright years in the GNU Maintainers
     Information document, www.gnu.org/prep/maintain. -->

<p>Copyright © 2017-2021 2017-2024 Free Software Foundation, Inc.</p>

<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution 4.0 International License</a>.</p>

<!--#include virtual="/server/bottom-notes.html" -->

<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2024/11/26 12:34:25 $
<!-- timestamp end -->
</p>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>