back to article Shock Land Rover Discovery: Sellers could meddle with connected cars if not unbound

Both data and the online controls on "connected cars" from Jaguar Land Rover remain available to previous owners, according to security experts and owners of the upmarket vehicles. The car maker has defended its privacy safeguards and security of its InControl tech. El Reg began investigating the issue after talking to Matt …

  1. Anonymous Coward
    Anonymous Coward

    From personal experience of being within JLR dealers, it's too much faff for sales droids to 'unbind' a VIN, regardless of what the dealer minimum standards document says..... bit like PDI battery tests ;-)

  2. uncle sjohie

    GDPR?

    Mayby someone should tell them about the GDPR?

    1. Anonymous Coward
      Anonymous Coward

      Re: GDPR?

      Hence why the V5 no longer shows the previous keeper

      1. Anonymous Coward
        Anonymous Coward

        Re: GDPR?

        >Hence why the V5 no longer shows the previous keeper

        As loved by "Dodgy Dave" Motors.

    2. IceC0ld

      Re: GDPR?

      and I will doubt if it is JUST JLR that has this option available ?

      and therefore may we know how the other manufacturers go about the disconnect of old users from the data ?

    3. Benchops

      Re: GDPR?

      > It is important to note that when the initial customer accepts the terms and conditions of Remote Premium services that they are agreeing to unbind the vehicle from themselves when they sell it on.

      So the previous owner has agreed to a set of terms and conditions with ... whom? I don't think it's the dealership and it's certainly not any future owner of the car. Presumably with JLR (but possibly a 3rd party app owner??). In which case how do they propose to enforce the agreement (T&C) they have with the previous owner? It sure as heck isn't the new owner's responsibility to enforce that agreement!

      1. Roland6 Silver badge

        Re: GDPR?

        Re: So the previous owner has agreed to a set of terms and conditions with ... whom? I don't think it's the dealership and it's certainly not any future owner of the car.So the previous owner has agreed to a set of terms and conditions with ... whom? I don't think it's the dealership and it's certainly not any future owner of the car.

        Well if you buy a new car or a second hand car, through a dealer, effectively agree to two contracts: firstly with the manufacturer (eg. warranties) and secondly with the dealer for servicing etc.

        Remember one of the reasons dealers 'partner' with manufacturers is because it gives them a better business potential, so they aren't looking at the single new car sale but at the n-years of servicing etc. that will follow.

        One of the things I discovered about the Vauxhall scheme was that a car was registered to both its owner and to a dealership, specifically the dealership who sold the car to the customer. Thus if the original customer traded their car in at the dealership that originally supplied it, the online account termination process works. However, if the customer sells the car elsewhere, both their account and the dealers' control of it continues. Walk into another dealership and you find that they can't do anything (wrt account management), because the account is still owned. In saying the above nothing stops you from using the car and having it serviced wherever, just that if you want to take advantage of the online account and the benefits it gives, you have to unravel the online account ownership and transfer issue.

  3. fixit_f

    Expect nothing less of JLR. Awful company, utterly dreadful vehicles, don't touch them with a barge pole.

    1. David Shaw

      Land Rover pwned?

      A previous JLR model that we used for a (legitimate research ) Bluetooth attack was slightly flawed in having a BT pin that was fixed, immutable. It wasn’t the VIN code, but those guessing “00000” would only be one zero out!

      1. Camilla Smythe

        Re: Land Rover pwned?

        Yah-But

        Where do you put the missing zero AY?

        Lah-Dee-Dah 'legitimate research person'. Not looking so clever now are you?

        1. Anonymous Coward
          Anonymous Coward

          Re: Land Rover pwned?

          Maybe you have to remove a zero. See, this stuff is more complicated than you thought. You really should leave it to the experts.

          1. Camilla Smythe

            Re: Land Rover pwned?

            Sheesh! There's always one.

            Perhaps you are getting yourself confused by the OP saying "one zero out" and thinking that a zero needs to be removed but removing a zero leaves a space. Like that is really going to work in that the pin now has a space in it.

            00000

            00_00

            See?

            1. Anonymous Coward
              Anonymous Coward

              Re: Land Rover pwned?

              Noooo. You have *substituted* a space for a zero. You have to *delete* the zero.

              00000

              0000

              Get it?

              1. Camilla Smythe

                Re: Land Rover pwned?

                Fine... Have it your way but you have just proved my point. Neither I or anyone else would be able to easily tell which zero you removed.

                Anyway my methodology is also much more secure than yours since you can only remove one of five zeroes whereas I have six places where I can add a zero.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Land Rover pwned?

                  IT LITERALLY MAKES NO BLOODY DIFFERENCE!

                  00000

                  0000

                  0000

                  0000

                  0000

                  0000

                  THEY ARE ALL THE SAME!

                  1. Camilla Smythe

                    Re: Land Rover pwned?

                    All Caps and Swearing. I guess we can all see who is losing the argument here.

                    Anyway. How do I know that you did not cheat and just type five zeroes followed by five sets of four zeroes rather than doing it properly?

  4. Anonymous Coward
    Anonymous Coward

    GDPR to the rescue

    > JLR needs a bullet-proof method for this to be automatically disconnected when the vehicle changes hands. I don't know how you do this but the current process is clearly not sufficient."

    There is a bullet-proof method. It's called 'reminding' JLR that they can be fined up to 4% of global revenue because they are a data processor, processing personal information about you (your home address for starters) and allowing that information to be passed to an unknown 3rd party without your consent and without a clear business need.

    If they don't act immediately you can also 'remind' them that you can start a private prosecution - no need to wait for the ICO to review and take up your case.

    1. Anonymous Coward
      Anonymous Coward

      Re: GDPR to the rescue

      "no need to wait for the ICO to review and take up your case."

      So when will we start seeing an army of no win no fee ambulance chasing law firm advertisements?

      Until they start showing up, there's no evidence this ICO/GDPR process is working (for those affected), surely?

      1. Roland6 Silver badge

        Re: GDPR to the rescue

        >So when will we start seeing an army of no win no fee ambulance chasing law firm advertisements?

        1 Sep 2019.

        Why?

        PPI Deadline is 29 AUG 2019

        ...

        1. ridley

          Re: GDPR to the rescue

          What do they do on the 30th and 31st?

          1. robidy

            Re: GDPR to the rescue

            Staff take their annual holiday quota in one go?

    2. Anonymous Coward
      Anonymous Coward

      Re: GDPR to the rescue

      Not having yourself removed isn't the problem. It's a problem if somebody doesn't get unbound from a car they sell and then they use it.

      You're hardly likely to unbind if you *want* to use it after you've sold the car.

    3. macjules

      Re: GDPR to the rescue

      Actually all they need is a functionality similar to Tesla. Go to Backup and Reset and select Factory Data Reset. Car is completely reset and new user can register.

      Oh, they still retain all the previous user's data on their CRM? Naught JLR - have a 4% of turnover fine.

    4. Anonymous Coward
      Anonymous Coward

      Re: GDPR to the rescue

      "JLR needs a bullet-proof method for this to be automatically disconnected when the vehicle changes hands. I don't know how you do this..."

      This is an unreasonable demand to make of JLR because any such automatic bullet-proof method would be dependent upon a similarly bullet-proof system/process whereby JLR is informed of the sale of any of their vehicles, including private sales.

      I don't know how you do this...

      No, and neither does anyone else, because it would require a legal obligation on the part of the seller of a vehicle to notify the manufacturer of that vehicle when it is sold, for without such an obligation upon the seller there would be no means for the manufacturer to receive notice of the sale and transfer of ownership.

      And that's the problem with simplistic remedies like: "There is a bullet-proof method. It's called 'reminding' JLR that they can be fined up to 4% of global revenue..."

      Whilst there's clearly a problem here it's not simply down to the manufacturer, despite all the outrage and simplistic but flawed solutions.

      1. Anonymous Coward
        Anonymous Coward

        Re: GDPR to the rescue

        as macjules said above:

        "Actually all they need is a functionality similar to Tesla. Go to Backup and Reset and select Factory Data Reset. Car is completely reset and new user can register."

        That seems to be a simple and reasonable solution.

        The problem of someone, a valet or whomever, resetting this functionality while in the car is more difficult. It's a little like having guests or new acquaintances in your house. You hope and expect they're not going to be malicious.

        My personal preference would be to have none of tracking/"functionality" in the car in the first place.

        1. werdsmith Silver badge

          Re: GDPR to the rescue

          It's very much like activation lock on phones. If a previous owner doesn't "log out of itunes" or whatever the equivalent it, then it remains locked to the account of that previous owner.

          In days gone by it would be no effort at all to sell a car but retain a key copy, so you can go and help yourself to that car at any time it's unattended. Anyone going to do anything about that?

      2. sabroni Silver badge

        Re: it's not simply down to the manufacturer

        It's completely their responsiblity though. This isn't a bolt out of the blue revelation, it's something they were fully aware of throughout the development of this system. They were fully aware that people sell cars. If they didn't put in place a robust mechanism to deal with this fact then they are at fault.

  5. Roland6 Silver badge

    Same applies to other vendors...

    Having taken over a Vauxhall, I can see big issues concerning the transfer of the online information associated with secondhand vehicles. Whilst DVLC were quite happy to accept a signed V5C as proof of change of ownership.

    Getting Vauxhall to accept that I was the new owner of the vehicle, now sitting on to the forecourt of one of their dealers, and said dealer had seen my V5C and proof of Id/address etc. and so grant me access to the online service history and other useful information and benefits associated with said vehicle - which Vauxhall say on their website can be achieved by simply completing a web form...

    Expecting the current owner when selling their vehicle to do anything more than complete the V5C is a recipe for trouble.

    1. Lee D Silver badge

      Re: Same applies to other vendors...

      It won't be long before there's a SORN-like online process for transfer of ownership. The V5C should be an online document in this day and age, and there's no reason you can't have it tie into a Government Gateway account or similar like driving licences/passports do.

      Proof of ownership is then no different to the hire-car-codes for licensing. You generate a code, give that to the organisation asking for proof of ownership, they don't get all your details but have a proof that it MUST be you it's registered to.

      There's already electronic querying of finance status, write-off, insurance status, MOT status, driving licences, etc. Online car registration is just the next logical step. In fact, you can already do it: https://www.gov.uk/sold-bought-vehicle but it's the bit about proving it that needs to be added.

      Their incentive? With electronic registration, no more "no logbook" / "logbooks in the post" kind of sales , hoping that the seller sent it off in time, etc. - you just do it there and then with your smartphones, from the literal second of ownership. Which means they get the right person when you go through a camera with a brand new car.

      1. This post has been deleted by its author

      2. Roland6 Silver badge

        Re: Same applies to other vendors...

        >It won't be long before there's a SORN-like online process for transfer of ownership.

        There already is, I used it to take ownership of this vehicle earlier this year. Although they still want to see the paper copy returned with a signature in real ink on it and will send out a new paper V5C as confirmation.

      3. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: Same applies to other vendors...

      In 2016, a security researcher demonstrated turning heating on and off (As well are reading battery levels) across the internet on the Nissan Leaf, mostly by knowing the VIN.

    3. Voland's right hand Silver badge

      Re: Same applies to other vendors...

      online service history and other useful information and benefits associated with said vehicle

      Hate to spoil the party, but that service history may inadvertently contain information which personally identifies the previous owner and should require their consent. Example - car fails to start, major fault towed from the driveway to the dealer (happened twice to my neighbour's son). I would be surprised if the traces of that in the service history have been fully scrubbed from all personally identifiable details as required by GDPR

      Like it or not, the V5C transfer procedure is becoming woefully inadequate in the day and age of connected vehicles.

      In fact, we are rapidly approaching a moment when the V5C is the last part in the sales. Un/Re-registering everything related to the data leaching and connectivity to the new owner will be going before that.

      1. Roland6 Silver badge

        Re: Same applies to other vendors...

        >Example - car fails to start, major fault towed from the driveway to the dealer (happened twice to my neighbour's son). I would be surprised if the traces of that in the service history have been fully scrubbed

        From the information you provided, even knowing the dealership who repaired the vehicle was Monty's of Hereford, you would be had pushed to identify a person; naturally, if I'm buying the car off you, I would easily be able to determine your contributions to the service history, that is unavoidable.

        However, given you would have consented to data collection and the sharing of data with selected third-parties at the time of sign-up/vehicle purchase...

    4. David Shaw

      Re: Same applies to other vendors...

      A friend was driving his BMW X-something recently, on the motorway. He got a phone call on his hands-free infotainment system; “good morning Dr. D., we’ve noticed that it’s about time to change your brake-pads. We do have a slot tomorrow at 2pm if you’d like” this call came from the local city‘s big beemer dealership. They seemingly received live telemetry the second that an amber light came on, my colleague only noticed his dashboard display warning/advising about brakes after the phone-call. He was certain that there were no alarms at the start of his journey. Westinghouse brake & signal company SCADA with remote terminal management comes to cars! Dr. D. immediately booked a brake pad replacement at anywhere other than the city’s main-dealer.

      They are probably using the E-911/E-112 channel etc

      One thing about a 1973 Series III diesel landy is that it not only Carrington event immune, but also lacks any SCADA telemetry, for good or ill?

      1. Anonymous Coward
        Anonymous Coward

        Re: Same applies to other vendors...

        Correct, they do receive live telemetry but only if you opt into it.

  6. Graham Cobb Silver badge

    New owner must be able to disconnect seller immediately from the vehicle

    Car manufacturers must put a "disconnect car from current account" function within the vehicle itself so that the new owner can do the disconnect before driving a single metre after buying the car.

    If there is a concern about theft then the back end for the function can be made more complex: still collect the data but prevent the previous owner from accessing the data or controlling anything. The police can still have access to the data (for example with a warrant) but the previous owner does not unless they go through a process to reclaim the car (disputing that ownership has been transferred). Meanwhile, the person with control of the car immediately has full access and control (although only to data from the moment of claiming the account).

    It is not reasonable to require any co-operation from the previous owner, nor to allow any access from one of the users to data about the other's usage, nor any complex process of proving ownership to a third party such as JLR or a dealer (control of the car should be sufficient). The tiny number of cases of theft or disputed ownership would be the cases which have the complex process, probably involving a court.

    1. Anonymous Coward
      Anonymous Coward

      Re: New owner must be able to disconnect seller immediately from the vehicle

      Which would be nice, but InControl has the ability to work as a stolen vehicle tracker. Enabling the current person in the car to disable this kind of defeats the purpose.

      How JLR is supposed to know the vehicle has changed hands outside of its dealer network is beyond me, in the event he was able to get this resolved after contacting a JLR dealer.

      1. Danny 14

        Re: New owner must be able to disconnect seller immediately from the vehicle

        @AC: you phone JLR, they check DVLA data. You confirm with JLR your identity. voila! system reset.

        It seems that JLR dont want to do this though.

      2. JetSetJim
        Stop

        Re: New owner must be able to disconnect seller immediately from the vehicle

        > Enabling the current person in the car to disable this kind of defeats the purpose.

        Push and hold button for ten seconds, car connects to server. If not registered, follow existing procedure. If registered, fire emails/phonecalls to current registered owner to get confirmation of account deletion. No response, do nothing. Repeat attempts generates intervention from a meat sack to work out what's going on (e.g. if previous owner has died, and other edge cases)

        When you buy a 2nd hand car, just keep pressing the button every day until it registers. If I just had to 'click here to login and confirm', it would be easier than remembering where I put the booklet with the URL in (probably the glove box anyway).

        Sure, there's still the case where a thief nicks your phone and keys, but I'm sure the existing tracking can cope with that.

      3. eldakka

        Re: New owner must be able to disconnect seller immediately from the vehicle

        > Enabling the current person in the car to disable this kind of defeats the purpose.

        As per the OP you are replying to (emphasis mine):

        If there is a concern about theft then the back end for the function can be made more complex: still collect the data but prevent the previous owner from accessing the data or controlling anything. The police can still have access to the data (for example with a warrant) but the previous owner does not unless they go through a process to reclaim the car (disputing that ownership has been transferred).

  7. Kevin Johnston

    Contact Previous Owner

    A lovely sentiment but if this is the 3rd/4th owner then how do you backtrack to find the one that the car is bound to? As mentioned, you cannot rely on the V5 to hold all the previous keeper details so how is Joe Public supposed to go about this?

    The proper, and in fact only, solution is for there to be the disconnect button #Graham Cobb suggests.

    1. Roland6 Silver badge

      Re: Contact Previous Owner

      >The proper, and in fact only, solution is for there to be the disconnect button #Graham Cobb suggests.

      Not needed, the data is already available from DVLA, however DVLA charge for this records checking service...

      I suspect the real problem is with the manufacturers own systems not being able to easily handle this natural transfer ofownership.

      1. Mark 85

        Re: Contact Previous Owner

        I suspect the real problem is with the manufacturers own systems not being able to easily handle this natural transfer of ownership.

        Some of this could be simply rectified by the manufacturer just needing to change the "owner" on the data file and lock out previous data when that changes. With the dealer "lockin" that gives the dealer the ability to pressure sell new vehicles and at this point, who's paying the dealer to this "data transfer" work? From the tone of the article, not only is this process rather undefined by the manufacturer but there's no incentive (legal or otherwise) for them to do something that costs bit of money.

        1. HolySchmoley

          Re: Contact Previous Owner

          '... and at this point, who's paying the dealer to [do] this "data transfer" work? From the tone of the article, not only is this process rather undefined by the manufacturer but there's no incentive (legal or otherwise) for them to do something that costs bit of money.'

          Adhering to the law is a cost of doing business and remaining legal is the reward. Otherwise you are some sort of Del Boy outfit, or worse.

          The idea that someone should be 'paid' to adhere to the law isn't one that the societies we live in are built upon.

          Personally, I approve of GDPR applying some constraints and penalties to control the sort of 'big business' that has surreptitiously slimed its way into spying on citizens for their own ends.

          YMMV, obviously. Hitler, Lenin and others would doubtless have approved of corporate surveillance, the results of which governments get for free. Doubtless their ilk will do so again. Even in 'Western democracies'.

  8. Mark #255

    Hire car data

    Not the same, but related:

    I was Quite Interested to note that the hire cars I've used since GDPR came into force have all had empty sat nav histories and no other phones in the Bluetooth history (this never used to be the case).

    At least someone appears to be on the ball.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hire car data

      Some manufacturers disable the connected stuff for fleet sales. FCA do.

      1. Danny 14

        Re: Hire car data

        most transit van hires still have bluetooth. I hired one from enterprise just 3 weeks ago, it had a load of bluetooth history in its connection page.

        1. John Brown (no body) Silver badge

          Re: Hire car data

          "most transit van hires still have bluetooth. I hired one from enterprise just 3 weeks ago, it had a load of bluetooth history in its connection page."

          If it's just a list of phone numbers, well, that's pretty much public information anyway. Unless it has names and/or dates and the calling number as well as the called number, it shouldn't be a problem.

          1. ckm5

            Re: Hire car data

            Even in the US, where there are virtually no privacy laws, a phone number is considered PII and it subject to data control laws.

            I would venture to guess that the GPDR considers a phone number PII.....

  9. Simon Ritchie

    I think that the fundamental problem here is that in a car manufacturer, product managers hold the purse strings. The second-hand car market has nothing to do with their bonus, so they are not interested in it. Spending money to make sure that the support system works for second-hand buyers is not on the agenda.

    Until, as said earlier, GDPR comes along and bites them.

  10. The Original Steve

    Why so hard?

    Two things:

    1. Rather than a VIN, maybe a number that could be generated via the ECU and presented in the dash / iDrive. Appreciate the Evil Valet can still do it, but it's harder than walking up to the car and reading the VIN from the dashboard (some cars even have the VIN on the windows!)

    2. If there's a dedicated button that needs pressing to connect the car to the online services, why not just have it so that if you press and hold the same button for - I don't know, 10 seconds? - the car will disconnect from the service?

    Doesn't prevent the issue if the new buyer isn't aware, but both would help and could be implemented via a software update.

    1. KBeee

      Re: Why so hard?

      The point is, there IS a button you need to hold for 10 seconds inside the car to register as the new keeper of the vehicle, along side having to set up an online account etc. which requires the VIN. The problem arises when the seller of the vehicle fails to un-register their old account/vehicle association when they sell it.

    2. KBeee

      Re: Why so hard?

      There IS a button you need to hold for 10 seconds inside the car to register as the new keeper of the vehicle, along side having to set up an online account etc. which requires the VIN. The problem arises when the seller of the vehicle fails to un-register their old account/vehicle association when they sell it. Just having a button inside held for 10 seconds to dis-associate the old owner from the system would be great for a car thief that had stolen your key to nick your car.

      1. Graham Cobb Silver badge

        Re: Why so hard?

        Just having a button inside held for 10 seconds to dis-associate the old owner from the system would be great for a car thief that had stolen your key to nick your car.

        No. It would make no difference at all.

        If my car is stolen I don't go and find it and retrieve it myself. I call the police and the insurance company. They would still be able to use the mechanisms they use today to contact the manufacturer and get access to location and other information -- they aren't asking the owner for that today.

        1. Anonymous Coward
          Anonymous Coward

          Re: Why so hard?

          If InControl is disconnected from JLRs systems how would they know where the car is? Customer has to consent to the data being collected.

          It is the responsibility of the previous customer to disconnect and owners of cars with this tech will need to get used to checking their purchase has indeed been disconnected

  11. hammarbtyp

    Not quite the same, but every once in a while i get an e-mail every couple of months giving me a diagnostic report for my GMC Yukon. It gives my mileage. car state, etc.

    Only one issue. i don't own a GMC Yukon, never been in one and don't even live in the states where I assume they are driven

    I am assuming that whoever set it up mis-typed their email and here we are. It just goes to show however how hard it is to control information

    1. Throatwarbler Mangrove Silver badge
      Go

      Well, if you want a GMC Yukon, it sounds like you have pretty ready access to one.

    2. John Brown (no body) Silver badge

      "I am assuming that whoever set it up mis-typed their email and here we are. It just goes to show however how hard it is to control information"

      I'm surprised stuff like that doesn't happen more often. I recently started getting emails to one of my live accounts about fund raisers for a school in the US asking "the committee members" to confirm attendance at fetes and things. No amount of replying to them would stop it. And I was very nice and polite about it too. Eventually I tracked down the school website only to find no email contact details other than to the "school district office", whatever that is. I sent them an email and slightly lied by saying the emails contained personal information regarding students. I never got a reply from them either, but the emails stopped almost immediately.

      1. hammarbtyp

        yeah, I used to get elections emails from a specific place in the US, which was fun. Eventually I replied

        Hi Tom,

        Thank you for your emails asking for my support in your coming election. I must admit after reading them I am strongly inclined to vote for you.

        However I am little hazy about election law. Do you need to be a resident of Mamaroneck to vote for you? Or in fact a a US citizen? or even reside in the USA?. It is possible I might of flown over Mamaroneck on the the way back to England, but I'm pretty sure that would not be enough to give me a say in your election.

        So on the balance of probabilities it is unlikely I will be able to help you in your quest for office. However I wish you well in your coming election.

        However if things do not work out and you ever feel the desire to stand for parish councilor in England be assured of my full support

        Yours sincerely

        Never go a reply again (Tom lost)

  12. Daedalus

    And the bozocalypse continues

    When will the people who come up with these technological miracles realize that they will be handled, used, abused and confused by people whose main motivation in life is getting to beer o'clock?

  13. MJI Silver badge

    A least mine is fine

    Too old and no fragile Ford engine either

    1. Danny 14

      Re: A least mine is fine

      i quite like JLR using ford engines, it means i can get updates on my ford mondeo for free and JLR technicians get the full ETIS computer. I have a mate who works in a dealership....

      1. MJI Silver badge

        Re: A least mine is fine

        We just take the pee out of the Ford engines.

        My 5 cylinders (basic remap) puts out roughly same power as the Ford V6 and is very unlikely to snap its crank.

        Rusty ones are now being used as engine donors to replace late Defender Transit engines.

        Just realised I have identfied myself as a Discovery 2 owner!

  14. Michael Jarve

    As long as they're still using Lucas...

    ...electronics, there should be little to worry about. Based on my personal experience with my own Range Rover, attempting to unlock the doors remotely will only result in the gas-cap cover opening, and attempting to remotely start it will just just cause a puddle of oil to appear under the engine. Pretty much, there is nothing a previous owner, or evil valet can do to those vehicles that's worse than what they already do.

    I still remember the reassuring "click" of the safety belt the first time I drove mine off the lot, and the weird sensation of the fastener portion of the belt sliding across my lap and chest as it came out of its anchor about 2-blocks away from the dealership. Land Rover: Inventors of the self-releasing seatbelt.

    1. Yet Another Anonymous coward Silver badge

      Re: As long as they're still using Lucas...

      With a Land Rover the only GDPR related issue should be checking that the previous owner hadn't left a couple of sheep dogs in the back

    2. MJI Silver badge

      Re: As long as they're still using Lucas...

      Mine has a Lucas engine ECU. Other ECUs from other companies.

    3. Mark 85
      Devil

      Re: As long as they're still using Lucas...

      Land Rover: Inventors of the self-releasing seatbelt.

      That's not a bug but a feature. If your seat belt suddenly unbuckles maybe the driver will drive more carefully?

    4. Borg.King

      Re: As long as they're still using Lucas...

      Land Rover: Inventors of the self-releasing seatbelt.

      That's in preparation for your hasty exit as flames start to lick around the edges of the bonnet.

  15. Anonymous Coward
    Anonymous Coward

    This capability is fraught with danger

    Getting into someone's car to push a button for 10 seconds isn't a high bar at all if you know the person. Ever ride in someone's car and they leave their car for a moment to go inside their house for something they forgot, run to a restroom at a gas station, etc.? You can press that button then. Ever visit someone's house and they leave you alone for a few minutes while they are in the bathroom, taking an important call, dealing with a crying child? If they keep their car in a garage, it is almost certainly unlocked and you can press the button and return before they're done and none the wiser. Most stalkers are known to their victims, not strangers...

    There needs to be some security around this process greater than physical access that allows you to press a button. At the very least they need to provide a method where the owner can disable this capability permanently, and not have it be trivially re-enabled without their knowledge because someone pressed a button. If I owned one of these cars, I'd be googling right now trying to figure out who to talk to about a class action lawsuit.

    1. JohnFen

      Re: This capability is fraught with danger

      "Getting into someone's car to push a button for 10 seconds isn't a high bar at all if you know the person"

      Or even if you don't. Gaining access to a locked car is unbelievably easy, as numerous car thieves and roadside service companies demonstrate on a daily basis.

      1. Anonymous Coward
        Anonymous Coward

        Apparently the button is behind a flap in the overhead console

        So it would be trivial to trigger if you were in the passenger seat while the owner was driving it - they probably wouldn't notice you doing that, and if they did you could say you were trying to open the sunroof or seeing if it had a built in garage door opener transmitter.

        Not only could you use that to activate the system, you could deactivate it - i.e. if a parking lot attendant wanted to take it for a joyride it wouldn't be trackable. Seems like it would also be the first thing a thief would do before driving off with it - if you push it in for 10 seconds you deactivate the tracking. If the tracking isn't enabled, pushing the button won't do anything because you have to do the online setup first for that work.

        Kind of defeats the purpose of being able to track a stolen car if the thief can override the tracking with such a simple method!

    2. phuzz Silver badge

      Re: This capability is fraught with danger

      At a certain point you just have to hope that people are trustworthy. If you let someone into your house, how long would it take them to find the spare keys? Or to perform an 'evil-maid' type attack on your computer, or to surreptitiously leave a window open so they can get back in later?

  16. Charles 9

    Arguing aside, I can at least see some of JLR's point. I mean, other than being psychic, how is a car manufacturer supposed to know when one of their cars changes hands in a private sale that doesn't involve them? I mean, technically, when the car is sold and driven off the lot, it's no longer their car. This is creeping towards some very grey territory.

    1. Michael Jarve

      I agree entirely. If it's some sort of authorized dealer sale, then yes, LRJ, Volvo, and others do bear responsibiliy to make sure ownership "truly" changes hands, but if I'm selling my Rover to Charles, here, who's job is it to make sure I hand over *all* the keys? Is it his, having researched the vehicle and deciding to buy it? Is it mine, having owned the POS and having become familiar with all its quirks bugs? Is it in fact LRJ's having no idea I've become disillusioned with their vision of luxury and instead selling my RR and buying a fleet of old-lady gold colored 1990 Toyota Camary's and not looking back?

      Should it be easy enough for someone, presumably almost anyone, to defeat the "connectedness" of a modern car just to prevent someone else from taking over our 2.5-ton lethal projectile and causing embarrassment, inconvenience, or worse? Is there really some way to prevent some occurrence without constantly phoning home to Nanny? Or should we decide that out car really does not need to talk to our toaster or alarm clock, and that carrying a keyfob with the traditional "lock, unlock, panic" buttons is really not all that hard or traumatic. I know El Reg's readership tends to turn a more critical eye towards such things than readers of say Ars Technica's "Oh! Shiny Phone App until Privacy Breach!", but I suspect that even even Gitlin would prefer security and safety to adding yet another mostly useless app to their iTimepiece.

      Then again, there is a reason the Rover (14,000 hard-fought miles) is saved for Friday nights and trips to the Cities and the 18 year old 940 Turbo (536000 miles) is driven daily. Not to mention that I live in northern Minnesota- the Swedes, at least at one time, knew how to make a car for our climate.

  17. JohnFen

    Good reason not to buy

    This is a good reason not to buy any "connected" vehicle, period.

    1. Charles 9

      Re: Good reason not to buy

      So what happens when (not if) ALL card are connected...by law?

      1. Wade Burchette

        Re: Good reason not to buy

        "So what happens when (not if) ALL card are connected...by law?"

        I would like to see how a connected car can work without an antenna and its fuse removed.

        1. Charles 9

          Re: Good reason not to buy

          Simple. If the antenna doesn't work, the CAR doesn't work, either. AND they'll consider that user tampering, meaning bye-bye warranty.

          1. JohnFen

            Re: Good reason not to buy

            "meaning bye-bye warranty"

            Lots of people, including myself, don't care about the warranty to begin with, so that certainly wouldn't stop me.

        2. Fonant

          Re: Good reason not to buy

          I can't think of any (good) reason why a society would require all cars (and vans, lorries, motorcycles, mopeds?) to be "connected" by law. And what would all these cars be connected to, some national database? How would you protect against a malicious actor generating masses of radio interference to bring the M25 to a halt because the cars were no longer connected?

          If we did end up in such a dystopia, there's always walking or riding a bicycle. Or voting for someone other than the Tories.

      2. Anonymous Coward
        Anonymous Coward

        Re: Good reason not to buy

        That makes it important that we try to elect people who won't let that happen.

        I know...but it's my fantasy world and I can live in it if I want.

      3. JohnFen

        Re: Good reason not to buy

        Easy. I'll disable the antenna. If that's not possible, then I'll just stick with old used cars (they'll have to be grandfathered in as a matter of practicality). If that's not possible, I just won't own a car.

  18. Anonymous Coward
    Anonymous Coward

    I would just like to say something futile...

    Whether its Android-Slurp, SmartTV-slurp, Win10-Slurp, IoT-slurp or this latest Smart-Car-Hell... I am buying far less tech. The feature set versus the risks is just too high. Not that I expect this view will change anything.

    But eventually like the 20% fall in Facebook this week, a few clusterfucks are going to come home and burn the carmakers just like the emissions scandal. Better hope no one is playing musical chairs when that happens. But of course key decision makers like CEO's will all be in the Caribbean by then! So we need a GDPR clawback that costs directors, not the firm!

    1. Anonymous Coward
      Anonymous Coward

      Car makers like everything else in tech it seems

      They lust after the analytics, just none of the responsibility.

      Em, sounds like something else with similar consequences!

    2. Charles 9

      Re: I would just like to say something futile...

      Odds are Facebook will rebound quickly. They're still top of the heap in social media; nothing else comes close. Unless someone suddenly comes along who can out-Facebook Facebook, we still can't fix Stupid.

  19. quxinot

    Don't care who the maker is...

    I do not need my car going online. Period. This crap needs to be optional at the time of purchase, and easily disabled or modified after purchase.

    I love driving tremendously, but absolutely am not looking forward to buying my next car. I'd cheerfully trade all the electro-tinsel for a decent chassis that delivers what I ask of it.

    1. DryBones

      Re: Don't care who the maker is...

      So, a Miata then?

  20. RobinCM

    It's no different from any other tech

    Yes it's a car, but how is this different to selling a phone, laptop, tablet, fridge or anything else with tech in it?

    If I sell an Android phone, I need to make sure I remove my data and Google account from it before I sell it.

    Ditto for any of the other items I mentioned. As a seller, I would want to do this, so I know my data has gone before the device leaves my ownership.

    If I'm buying a second hand car I'm definitely going to be asking the retailer if any connected functionality has been correctly the reset and is ready for my use - before I buy the car.

    Seems like the guy in the article failed to do that, and then got in a strop and blamed the vehicle manufacturer for his own lack of foresight.

    If I bought a used iPhone and the previous owner hadn't wiped it properly, and I didn't check that before I bought it, how would that be Apple's problem?

    1. Charles 9

      Re: It's no different from any other tech

      The guy bought the car in a private sale that didn't involve the dealer, and the guy was a curious techie so he poked around.

      So, how do you solve this situation without the government making it worse such as requiring resales to the dealer complete with markup? Since dealers can't psychically see every private sale, where can they possibly fit in? And don't expect the tech to go away; in fact, expect it to be mandatory in future for safety and environmental considerations.

  21. Jason Bloomberg Silver badge

    Ho hum

    One would have expected it to be a simple "Bring it into your local dealer with your paperwork. They'll reset everything for free while you enjoy a complementary cup of tea. And here's a nice glossy brochure and a voucher for 20% off your next service. Welcome to the JLR family".

    I guess that's too much like good customer service.

    1. Anonymous Coward
      Anonymous Coward

      Re: Ho hum

      "One would have expected it to be a simple "Bring it into your local dealer with your paperwork. They'll reset everything for free while you enjoy a complementary cup of tea. And here's a nice glossy brochure and a voucher for 20% off your next service. Welcome to the JLR family"."

      No.

      Firstly, the vast majority of private buyers never want to visit a 'stealer' - even for free stuff like safety recalls, and would never be in the market for a new or 'approved used' vehicle so as far as the dealer network and manufacturer are concerned, they are not and never will be a potential revenue stream.

      Secondly, who is going to pay for this reset? the manufacturer? nope, they don't care about out-of-network sales, see above. The dealer? nope, they haver to assign tech's time to something, can't be sales, as they didn't sell it and cant be workshop as no-one to bill, can't be internal work as the tech's will kick up a stink over lost productivity & bonus (and rightly so) - just to 'log in' to a vehicle with DoIP, SPA or Flexray takes ~20 mins...

      20% discount on a service? 10% is the limit even if you push really hard, because they know that you'll then want a price match on all the stuff identified on the eVHC - or just take it to a local indy to have it bodged for a third of the price with the nastiest possible aftermarket parts.

      There's vehicles in dealers compounds that have been sat there for years waiting for work to be done because the owners have taken it there as a last resort after every other option has been exhausted and they haven't the funds to get it fixed, so the cheapest option is to SORN it and park it for free at the 'stealers' until they can be arsed to do something about it - which is usually get the local scrappie to tow it away after the fourth quarterly letter from the service manager threatening to charge them storage!.

      So no, getting private buyers into a dealers isn't ever going to generate another customer for life.

      What might work is registering your 'newly purchased' vehicle on the manufacturers portal, which would then generate a message to the existing registrant, if not answered within a week or two or answered with a 'no, don't change the owner' type response, the new owners details would default over to the online service.

      1. Charles 9

        Re: Ho hum

        One, dealers CAN be forced into repair stuff by the manufacturer, on pain of lawsuits, etc. That's how recall campaigns are conducted. If the manufacturer is under legal onus, they can pass the onus onto the dealer, money or no.

        Two, without knowledge of who bought the car, how can the manufacturer change the owner of the car. Also, things get lost in the mail all the time. A forced reset is bound to draw lawyers.

        1. Anonymous Coward
          Anonymous Coward

          Re: Ho hum

          "One, dealers CAN be forced into repair stuff by the manufacturer..."

          Dealers like nothing more than repairing stuff for manufacturers - recall actions, service actions, quality campaigns etc. etc. They get paid at a defined rate for carrying out specific actions on vehicles in a VIN range or exhibiting certain symptoms - at one time, there were eighteen 'quality enhancement actions' applicable to each and every instance of a certain model of a premium car manufacturers product, most were cosmetic or minor, some were bordering on safety recall territory - most owners were unaware of the rework as it was all classed as service action (but took 3.6 hours to complete) so there was no letter in the post, those that chose to use the 'EU block exemption' and get their vehicle serviced outside of the dealer network whilst in warranty would only get the individual items reworked 'upon customer complaint'.

          Not withstanding the above, warranty, recall and service / quality campaign work is lucrative 'bread & butter' work for the dealers - Nissan have spent years replacing engines because one person on the engine assembly line was OCD enough to line up all the gaps in the piston rings 'because it looked better' in the absence of being told otherwise... PSA have replaced 16k engines, mostly on a Dealer Hold Order due to a second tier Turkish manufacturer supplying substandard pistons for the 1.6 litre diesel engine, Ford Mustang 5.2l have an oil supply problem to the RH cylinder head / camshafts, mainly due to being built in America - their words, not mine, BMW are replacing battery wiring looms on 180k vehicles in the UK alone, should take about two years to complete - All of which is great news for the dealers!

          BTW, JLR use SDD & DoIP not ETIS and have done for some time. The last shared diagnostic platform with Ford was IDS and went out of the door with Discovery 3 so the chances of a JLR dealer (not indy) being able to / want to do stuff to a Ford is slim to feck all, even if they still have the interfaces, SDD simply won't recognise it!

  22. aks

    How is this different from selling a PC or mobile when you don't wipe the data and disconnect from the cloud/server?

    On the other hand, if some data was always gathered and couldn't be disconnected, any stolen car could be tracked. Maybe accessible only by the police using superuser login.

    1. Fred Dibnah

      When you sell a phone with your data still on it, the buyer gets access to your data. In this case the seller gets access to information about the buyer such as location data, with the added ‘bonus’ of being able to remotely control the vehicle they sold.

    2. Fonant

      Mainly because you *can* wipe a PC or mobile just by being in possession of the device.

      The problem in the case discussed is purely that you *can't* wipe the data collected by the vehicle manufacturer, even if you have the car keys.

  23. HWwiz

    Same for newer Mercedes

    Same with newer Mercedes cars from approx 2014 onwards.

    If the last owner does not login online and remove the car from their Mercedes Me account, then they can continue to remotely monitor the car. Lock / Unlock doors, etc.

    Non-Mercedes dealers have no control over this. Where as main dealers can terminate the accounts during re-sale.

  24. Stork Silver badge

    Somehow I feel less and less need for a connected car

    Are they still sold, or can you disable it?

    1. Alumoi Silver badge

      Re: Somehow I feel less and less need for a connected car

      Citizen, you WILL buy a connected car. It's for your own protection.

      Don't belive this crap? Then think of the children!

  25. carolinahomes

    Possible Fix: Link to the insurance carrier?

    If only it were possible for JLR to be able to confirm current owner identity by linking to the current insurance carrier of the vehicle. If the current insured name doesn't match what JLR already has, just send out a notification postcard to the insured on file that they need to come in for a reset.

    Big if. But a rather simple fix to the whole situation if that's possible.

  26. clhking

    Volvo - Same

    Our Volvo bought from a Volvo dealership was not unbound. But the subscription to Volvo On Call was expired. So the previous owner would have had to pay to retain access to our car. When I called to activate our account the VIN was still bound to the previous owner.

  27. EdFX

    It's worse in Jags ...

    My 2015 F-Type came from main dealer couple of years back as ex demo. I found the app and registered online before car was ever delivered to me. All I needed was vin and reg etc, all online and I could see the car and even START IT... Even before I'd touched it. Point being, I didn't need to press any keys and the jag app also let's you start the vehicle to cool/heat remotely.

  28. Trollslayer
    Thumb Down

    Smart cars

    are becoming a dumber idea all the time.

  29. Anonymous Coward
    Anonymous Coward

    Clear down

    When we bought a used Honda, I was surprised to see all the previous owners phone details in the Bluetooth part of the car. Wonder if there is anyway to link all this to the V5 changes. It should be a procedure within all sales to clear the car down from the previous owner.

  30. Lorribot

    I would be very surprised if this was only JLR, I have an old car and not affected by any of this nonesense but have seen Peugeots that will automatically install and app on your phone when you connect to to teh car and that also records all your journeys and stuff.

    One thing to bear in mind is when you last bought a second hand car did you get all the keys? I know of one casde where premium cars were sold and stolen back cloned and sold again several times using this method.

    Personally the whole car connected thing comes under "just because you can, doesn't mean you should".

  31. Mike 137 Silver badge

    Franz Kafka Motors PLC

    So it's perfectly normal, and indeed necessary, for your car to have an online account to which it posts all sorts of stuff - "Facebook for vehicles"?

    The big question is not how to manage this, but why it's the case at all. As the lawyers say: “Qui bono?” - who gains from it? What possible benefit could there be to the owner of a car to have its journeys tracked, its air conditioning adjusted and its doors unlocked via the internet?

    I run a very reliable car old enough to have none of this computerised junk on board. I seem to be able to do everything I need with it, and there's no need to worry about its previous owners.

  32. 0laf

    Newish BMWs have the same capabilities although I think a lot of it is disconnected unless you pay the subscription after 3yr. When I got mine certainly the old data had been cleared.

    However I also recently bought a used Mini (62 plate) and it still had the previous owners phone book installed. Which I noticed when the car tried repeatedly to call 'Janet'. I don't know a Janet. That wasn't from a Mini dealer.

  33. tiggity Silver badge

    Give me a basic car

    I have recently had to drive various infirm elderly relatives (in their cars). Being old they can afford newer cars than me, I soon learned to take cig lighter USB adapter to keep my phone charged in the cars (using phone as Sat Nav burns battery so need to keep it charged) - if I used the USB slot in the new cars they instantly tried to connect to my phone - link it to car so I could make / take calls, play my music etc.

    1. Anonymous Coward
      Anonymous Coward

      Re: Give me a basic car

      You can get USB cables that have their tubes tied ( ie: the data wires connected together ) so it shouldn't try to do anything other than charge.

      1. Charles 9

        Re: Give me a basic car

        USB cables without data lines are limited by spec to 500mA, meaning no quick charging, and if you're using the phone for mapping and so on, 500mA may not be enough to keep up with the battery drain.

    2. jeffdyer

      Re: Give me a basic car

      And that's a problem how exactly?

  34. Anonymous Coward
    Anonymous Coward

    Do Land Rovers not have valet keys that can't be used to open the boot and the glovebox?

    Surely unlocking the car with a valet key should prevent binding?

    1. MJI Silver badge

      Proper ones don't

    2. ChrisC Silver badge

      All recent-ish Jaguars (so I'm presuming the same is true for the LR side of the business) use the touchscreen to control valet mode, rather than having a seperate valet-mode key. You do have to then remember to take the emergency keyblade out of your fob before giving it to the valet though, otherwise resetting the car back to normal mode is trivially easy...

  35. Giovani Tapini

    So now a car is not really a car any more

    The sale and transfer of a car is now likely to involve the manufacturer regardless of private or dealer transaction.

    It's not really like any other tech, as I don't need to engage a third party I may have had no relationship with to clear and sell my phone.

    Your personal data, along with the car's data is now spread out across your phone, internally within the car, and with the manufacturer. Just deleting your app (unlikely) or, resetting your car (even less likely) is not sufficient. The car does not change it's credentials on transfer either, VIN number stays the same for the life of the car. Where does this lead? Confusion over data being mine and personal, data that is car specific for the manufacturer and a vast, Ill considered gulf of grey between as current discussion shows. Overall modern cars are not "yours alone" like cars used to be before they gained SMART (oxymoron alert).

    Relying on the seller to de-register is pointless and may be unfeasible if they are not alive, abroad, incapacitated, phone stolen or account closed etc. This is simply unworkable.

    There needs to be some new broader thinking about how we now effectively borrow cars from the manufacturer regardless of the process we went through to get the keys...

  36. Aodhhan

    Good Grief.

    Apparently, you think JLR should monitor all their vehicles and some how know when they are sold off?

    Of course not. But you do have to think of the process... and bump it up against a few things.

    It's the typical security see-saw balance of usability versus security.

    Make it too easy, then a auto thief can easily make changes so you can't track the car.

    Make it too hard, then the owner gets upset.

    Like any new technology where security is involved, it takes a bit for a good balance to be struck. So in the mean time, don't get too pissy about the situation. Instead, work to find a balanced solution. This is what security professionals are supposed to do.

    1. Charles 9

      Re: Good Grief.

      But what happens when balance is impossible because the furthest the customers are willing to go aren't far enough to reach the dealer's limits? So instead of a happy medium it's an UNhappy medium that's never reached?

    2. lawrkelly

      Re: Good Grief.

      My car was stolen. And it's always an awful shock. The GPS, as ever is with the previous owner. As the car was purchased at auction by the car sales, the previous owner could not be contacted.

      I thought as it was a theft Jaguar would help. They wouldn't give me the GPS coordinates to at least get a 'what' happened to the car. If it had have been on the day, maybe I could have recovered it.

      The thieves must be laughing so hard, that a 2017 Jaguar has no tracking due to this farce. On transfer of ownership there are 101 triggers. And a piece of code could delete the old user. Even an email to have them confirm is easy.

      So so frustrating when it's a stolen vehicle and they only talk about data privacy.

      1. Charles 9

        Re: Good Grief.

        But then you get the other end of the spectrum: an abusive relation who pretends a vehicle is stolen so as to track down someone who is secretly abused, among other scenarios.

        IOW, it's an UNhappy medium.

  37. 2Nick3

    Fun on the lot!

    So you just need one mischievous person on the car lot, reading VINs and registering the cars to an account, to cause this headache for the initial owners.

    THAT might get someone's attention.

  38. JaitcH
    Happy

    All This Wondrous Technology and Jaguar Land Rover STILL Can't Keep The Mirrors On!

    Most spares for this line of cars have prices that make the eyes water. The ever creative VietNamese ne'er do wells can remove mirrors, for resale, with the greatest of ease.

    https://v.vnecdn.net/vnexpress/video/web/mp4/360p/2017/05/09/trom-be-doi-guong-range-rover-chi-25-giay-1494303210.mp4

  39. StillPhone

    Where Does Land Rover Hold Personal Data

    Does anyone know who hosts the InControl data for JLR ie is it Amazon?

  40. Anonymous Coward
    Anonymous Coward

    Stolen XE, GPS only accessible by previous owner not me. Couldn't locate the car !

    I needed the GPS for my stolen XE. A good time I would say to over ride an already broken system.

    They said only the previous owner could do that. Even in this extenuating circumstance.

    It is a simple pieces of code to remove the previous owner for incontrol also. It should be an automated procedure, thus allowing the new owner to enter VIN and add their details/account with no ownership by a previous owner.

    I described a scenario to exaggerate the point. A kidnapping or someone stuck in the mountains.

    So in a life or death scenario would they assist. They have all the data, user accounts are irrelevant. It's just a web front end to their back end DB.

    I am sure they would act for a politician, celebrity. As they wouldn't want adverse publicity. Average Joe would have to do a Liam Neeson and track the previous owner down. Ha ha ...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like