Automakers Are Sharing Consumers’ Driving Behavior With Insurance Companies

https://infosec.pub/post/9560621


> Kenn Dahl says he has always been a careful driver. The owner of a software company near Seattle, he drives a leased Chevrolet Bolt. He’s never been responsible for an accident.
>
> So Mr. Dahl, 65, was surprised in 2022 when the cost of his car insurance jumped by 21 percent. Quotes from other insurance companies were also high. One insurance agent told him his LexisNexis report was a factor.
>
> LexisNexis is a New York-based global data broker with a “Risk Solutions” division that caters to the auto insurance industry and has traditionally kept tabs on car accidents and tickets. Upon Mr. Dahl’s request, LexisNexis sent him a 258-page “consumer disclosure report,” which it must provide per the Fair Credit Reporting Act.
>
> What it contained stunned him: more than 130 pages detailing each time he or his wife had driven the Bolt over the previous six months. It included the dates of 640 trips, their start and end times, the distance driven and an accounting of any speeding, hard braking or sharp accelerations. The only thing it didn’t have is where they had driven the car.
>
> On a Thursday morning in June for example, the car had been driven 7.33 miles in 18 minutes; there had been two rapid accelerations and two incidents of hard braking.

I think this should be legally prohibited. Also, is it possible to physically disconnect the network modules so they can’t send anything?
I’m sure it’s possible, but I’m sure they’ve made it as painful as it can be.

Most likely the module, if it is a separate module and not part of the SoC of the infotainment system or whatever, works over CAN bus and the car will throw errors when it doesn't detect its presence, or doesn't detect the SIM card. Might even refuse to start if that module is missing. Might be possible to remove the antenna so the car thinks it's just outside of the service area, but if it's built into the PCB and the PCB is cast into resin/silicone for waterproofing, even this might be extremely difficult. Probably the module is also serialized* so replacing it with a "dummy" module or a module from a junkyard won't spoof the system, either.

*Manufacturers have been serializing even airbags for years, making replacing a faulty one with one from a junkyard impossible.

Maybe we can trick it forever that it is far away from a cell tower. That way the car has to start without connection.

Who knows, maybe they force you to use their app and after driving and connecting to the internet, that sends data back to the manufacturer.

You’re approaching it in the wrong way. You don’t need to stop the data collection, just the phone home. Find the antenna and Faraday cage it.
Yeah, some aluminum foil on the inside of those shark fin antennas will probably stop all communication. Just have to use your phone for radio & navigation, which isn’t a big deal on CarPlay or whatever the androids use.
If you use foil, it’d be best to connect it to ground. The metal shell of a car is usually connected to the ground terminal of the battery.

I’m sure it varies widely. In Toyotas you can call in to disconnect (I did it while waiting for a tire pressure machine), but to do it physically you pull a single fuse and the trade-off is losing the microphone.

Others have pulled the dash and disconnected antennae but it just reduces the range of the box since it’s a cellular radio like a phone.

Do you have any resources that I can use to learn more about removing telemetry from a vehicle? Is there a good forum that could help me potentially do this to my car?

There’s no easy one-stop solution since it can vary widely.

I would look at subreddits (yuck, reddit!), or dedicated forums for your model if they exist; you’d probably be surprised what’s out there. (Example: there’s Piloteers (Honda Pilot), Kia-Forums (Kia), 4Runners and Toyota-4Runner, etc.) But information may be scattered.

First objective is figuring out if it’s even on your vehicle or applicable. Older 3G radios are done since the networks that connected to them are gone now. My '16 Kia had no cellular radio. Maybe you have an SOS button or they advertise a phone app to control your vehicle remotely?

Kia And Nissan Could Know When You're Having Sex

Mozilla looked through the data-collection habits of 25 automakers. They're all creepy.

Jalopnik
In this case that’s Toyota specific and it means likely loss of phone calls on the go (but nothing else) even though the data can’t leave your vehicle anymore. It all depends on how they wire up the system. Maybe it’s easier, maybe it’s tied to something random.
I can't wait to see tutorials. I don't know much about cars and would love to see people disable these, or perhaps do something malicious. Not that I have a new enough car yet, but I know one day it's going to be unavoidable.
As long as you know where they are, a simple faraday cage should work perfectly. Basically, surround the module with an electrically conductive material to catch radio waves.
Faraday cage - Wikipedia

I was thinking something like free data plan till they disable the transmitter or at least an unplug. Never bought a new car, do you agree to terms and conditions or sign a contract specifically mentioning/consenting to the tracking?
In Toyotas there’s a red sticker on the dash talking about it and how to opt out. (or at least I’ve seen it in a rental and a new car - but it might also be yanked by dealer’s PDI)
If you’re using Android Auto or something like that, this information is going to be transmitted on the same connection used for navigation and internet, so you better learn the map of the city again if you want to escape the spyware.
If it doesn’t already, that’s probably going to put you in the high-risk group with other car modders.
It will be cat and mouse, but I would imagine for the time being, disconnecting the cell antenna on the board would stop it. Who knows what kind of, if any, bullshit extra errors and codes will keep popping up, but I’m guessing if it became a popular thing, they would start making cars that will create bullshit errors and codes. I wouldn’t do anything permanent until the warranty period is over.

How dare you demand privacy!

Simple answer that should always work: surround the chip/antenna with a faraday cage. The hardest part is finding the chip, not in disabling it.
Faraday cage - Wikipedia

Why not just break the antenna (or whatever it has) in half? It’s much simpler and shouldn’t cause damage to the chip itself
The antennae alone likely won’t reduce range enough. Check for an opt-out procedure prior to purchase since that’s easiest, then look for what fuse powers the connection (also easy), but worst case, lay eyes on the module itself and evaluate.
Yea I guess it’s a better choice

Somebody could go to jail for this. You.

The DMCA makes it a felony to circumvent protections in services. If they wanted to push this, and depending on the system, disabling or using some hack to bypass could be illegal.

I don’t think that anyone would actually bring the case against an individual, but a company selling any sort of device or instructions to make it easier for people could be targeted.

If they make disabling spyware illegal, I’ll do it anyways because human rights. If they decide to charge me for it, I’ll just consider it a violation of my freedoms
We didn’t see that one coming huh

I still have my 2010 Mazda 3. The only tech it has is Bluetooth connectivity for phone and music and some voice commands for calls.

The day I will change cars will be the day my car completely dies and there’s nothing I can do about it, or it becomes illegal to drive, or it gets wrecked in an accident.

I don’t ever want the new cars. I hate hate hate the stupid touch tablets they’ve put to control everything instead of physical knobs, and now this fucking crap where your car spies on you and rats you out to your insurance company.

Later model 3 but definitely lower-tech (has the touchscreen nonsense but no internet or anything) and I plan on running it as long as possible lol
The Model 3 doesn’t connect to the Internet? I find that really hard to believe. Isn’t there a smartphone app you can use to control the car?
I don’t know how to tell you but just because the Car can phone home with cellular - doesn’t mean you will see it has Internet.

I’m not entirely sure what you’re saying tbh.

Anyway I don’t use their GPS and I don’t let it sync contacts or other info. I Bluetooth and run music off the phone locally or my Plex server. It’s from 2016 so I’m fairly certain it doesn’t have the same data back and forth you’re seeing in more current cars.

Do you get updates over the air?

Not that I know of, no. For instance, to activate their navigation, you need to buy a $200 SD card. You can't do anything remotely AFAIK with this car.

I don't think any of that stuff started until the Mazda Connect app or whatever it's called.

They can pry my 2007 Tundra from my cold dead hands.
2008 Crewmax SR5, bought new 12/2007. I feel exactly the same way.
Double Cab 4.7L SR5 (honestly no idea what SR5 even means) 8ft Bed. Bought used in 2011. Only 92k miles so far. Drove it from Philly to Anchorage and lived in Alaska for 3 years. Currently in Massachusetts. Respect.

Mine has like 165k. First vehicle I bought myself new. SR5 is just the middle package. They had the low trim as no named, SR5 then limited.

I got mine from Jim Barkley (brand new). Six hour drive. I drove down there in a 1999 Chevy S10 ZR-2 and traded it in and bought the Tundra. I was there like 30-45 min and I financed it with them. Jim Barkley is gone now, but that was such a pleasurable experience for a car buying experience.

Still love this truck!

Just put a new engine in my 08 sequoia. No new cars for me.

Agreed.

I now need to root my Android and put a new OS so it stops telling Google where I am. I’m slightly afraid as I just want my phone to work when I need it.

I’m sure T-Mobile uses my location data for something too.

Everyone calls me paranoid for even just giving a shit about being spied on. Am I supposed to enjoy getting reamed by the rich?
But you don’t have to worry if you got nothing to hide… /s
I’ve seen people drive. They definitely would want to hide their driving habits from insurance companies
Your driving record should speak for itself. I don’t need nor want insurance companies tracking people’s private lives.
Moving from 64 to 65 also moves you from a different age bracket, I would guess that this is the main reason he saw a general rise on his insurance cost from all the other insurance companies.
True, but the insurance agent told him the spyware report was a factor.
Age buckets are so archaic
I think they totally have the computing power to use a hyperparametric model with each age as its own variable. A problem this could have is that there are not going to be enough older adults to accurately assess their risk, and the model could end up showing that 80yo’s are better drivers than 30yo’s.
You can use regression splines or lowess to locally weight the areas with low data based on what you do know, it keeps your parameter count down but still performs well even at the tails.

I disagree, they’re effective and a reasonably privacy-friendly way of predicting risk. Younger people are generally more aggressive drivers than older people, and older people generally have worse reactions than younger people. It’s one of the strongest indicators for driving behavior before an infraction is recorded.

I don’t like it either, but it’s better imo than using one of those driving meters.

So I’m not against using age, but binning it coarsely is the issue when it can be handled much more granularly.

64-65 is probably a negligible amount of risk increase, but 64-69 is going to be much bigger. Looking at younger ages the effect is more extreme where they’re probably charging late 20’s drivers more because they’re pooled with low 20’s.

Anyway, on average it probably works out the same, but in practice I never bin data where I can avoid it, since you get better information looking at it as a continuous range.

Ah, makes sense. I’m guessing that their data sources bin ages as well, so there could be issues in moving to a continuous range.

I wish the whole thing was more transparent.

Comprehensive privacy law time? Nahh just ban the Chinese EVs and pretend this doesn’t happen. Same thing as TikTok. You’ll never be protected as long as they can point to the Chinese boogeyman.
Yeah, I feel like that’s why the EU has such strong privacy regulations. Tech giants in our market are mostly either state-tolerated&-utilized monopolies from the US or state-owned monopolies from China.
There’s also the potential that raising concerns of Chinese spyware raises more concern of the rest of it. They should continue raising those concerns about them all. And ban all the spyware.
Is there a way to disable this? Does it report through Android Auto? Is there a way to prevent those packets sending?

The car has a cellular connection and whoever manufactures the car probably pays for it.

How to disable? Probably not without breaking something else. You could at best block the Connection with Lead foil but you’d have to find where it was.

If it’s not through Android Auto, I’m fine just connecting through a hardwired USB-C to my phone.

Varies widely. In Toyotas you call via the SOS button, have your VIN and they can do it. There are also other direct ways like pulling the Mayday fuse to disconnect the “Data Connection Module” (DCM) but that takes the microphone with it.

Some older vehicles that have 3G radios might not have been disconnected explicitly but are as good as dead because 3G as they knew it is gone.

It does not report via Android Auto since these vehicles have their own cellular radios, but not to say Google has its own metrics.

I was going through a Reddit post that asked how to remove network on a Tesla Model 3 and they were all like “I’ve got nothing to hide” “you’re cheating on your wife” etc. However, I did find some schematics and there are guides on YouTube.

olegkutkov.me/…/tesla-model-3-us-lte-modem-replac…

teslamotorsclub.com/…/tesla-model-3-sim-replaceme…