There's a smartphone security flaw that GM needs to fix ASAP.
The relationship between smartphones and cars is becoming increasingly more important as manufacturers devise new ways to make the ownership experience more convenient and enjoyable through connectivity software. Over the past few years, we've seen smartphones slowly evolve into control hubs that can manage several control features. Likely, this will only progress further as cars become more digitalized and connected.
With these features becoming more standardized in cars, security protocols must be advanced in parallel to ensure the safety and well-being of the owner. We've already seen some tech experts discover exploits in the framework of some of the most established manufacturers but this latest story out of Canada is a bit of an odd situation.
As reported by Radio Canada, Gilles Veilleux purchased a 2017 Cadillac Escalade that came standard with the MyCadillac smartphone connectivity app powered by GM's OnStar system. This can be used to control everything from the horn and lights to the ignition system. You can also use it to monitor the car's location, fuel level, mileage, and other parameters.
Last year Veilleux made the decision to let go of the premium SUV but shortly after the car left his possession, he realized that his profile was still connected to the car with the option of monitoring the location and controlling some of the features. This is a serious security design flaw and manufacturers need to eliminate the possibility of maintaining permission once the car is sold to a new owner.
It goes without saying that the dealership who sold the car should have ensured that all connected devices were cleared from the system before it was handed to its new owner, who Veilleux can confirm via the app is located in Saint Louis, Missouri. Thankfully, the publication decided to use the connectivity to track the new owners down so that they could inform them of this security flaw. As you can expect, they weren't too pleased about it.
The reporters tried to get an official answer from the dealership as to why the original owner's information was never cleared before delivery but they declined to respond to any of its correspondence. In response to the situation, GM Canada spokesperson Natalie Nankil said, "GM takes the privacy of customer data seriously and has procedures in place […] ensuring that a customer will notify GM when a sale or transfer occurs."