ConnectedDrive – sold but still connected

Naturally, as a security professional, I was interested to see what might happen if I kept the BMW app on my phone after changing cars in early July. ConnectedDrive is a feature from BMW that allows you to see the status of your car and do some basic things (depending on the model) like honk the horn, unlock the car, flash the lights and so on.

Imagine my surprise when, cleaning apps from my phone today – over 2 months later – I found that the car is still connected to my app and account. This might be down to the fact that the new owner who has bought the car has not yet picked it up... but this is bad hygiene from BMW.

I also assume it has a history in the navigation of where I’ve been and also still knows my (slightly wrong) home address. It also has songs on the internal hard drive that were loaded via USB (I could not find a way to wipe that either...).

It would, in my opinion, be reasonable to expect the car to be reset when it is handed over so that it is subsequently clean and in a reset state. After all, you would always expect someone selling an old phone or old computer to reset it (from experience, many computer owners do not do this though).

This process is not only essential for BMW but should be a mandatory process for all car makers. The Mozilla Foundation recently reported on data gathered by the “smart” components in cars and it makes for worrying reading.

Car makers: please create a simple way to reset the computing environments in your vehicles so that we, as owners, can wipe them. I looked; I could not find one. It needs to be easy and obvious.