Lorri Janssen-Anessi, Director External Cyber Assessments, BlueVoyant shares some simple tips on how to protect your personal information when renting a car this holiday season.
As the travel season approaches, it is worth taking extra precautions to ensure your personal information is not at risk of compromise.
An action as simple as hiring a rental car can come with the risk of exposing your personal data to unauthorised users when you connect and sync a mobile device to the vehicle.
READ MORE: 4 emerging travel destinations in Southeast Asia
Personal information at risk
Some of the data that can be inadvertently stored when you sync with a car includes contact information (which in some cases will have email addresses, names, and phone numbers), call and text logs, and potentially GPS or locational information. This data could be used maliciously by the next or any subsequent renter.
Not only can threat actors potentially access the data stored on the vehicle itself but there are other less obvious threats. If you are syncing via Bluetooth or Wi-Fi, those connections may not be secure or encrypted and could therefore be vulnerable to hacking, or compromise. Nearby attackers could intercept data being transferred between your phone and the vehicle. Many vehicles’ infotainment systems allow the use of third-party apps that integrate with mobile devices, and these apps could have their vulnerabilities such as backdoors to your cellular devices etc. This is not a particularly secure way to use your device, and therefore there are several real risks.
While car rental companies have ethical and legal obligations to adequately protect or purge the personal data that may residually be left behind after the rental period, customers need to be fully aware of the risks of syncing their devices to rental vehicles.
Tips to protect your personal information while using the rental car
To minimise the risk of exposure when syncing a device to a rental car, users can take several actions and adjust certain settings on their mobile devices before, during, and after syncing. These actions help control what data is shared, stored or remains accessible after returning the vehicle.
- Limit data access via Bluetooth settings
- Restrict permissions – if there is an option for a permit to sync, deny or limit permissions
- Use Bluetooth for audio-only – if possible block access to contacts and messages
- Disable the Auto-Sync feature before connecting to the rental car.
- Use USB charging without data sync – Opt for “Charge Only” to avoid transferring data to the vehicle
- Avoid using features that store data
- Stream music from your device – don’t give access to the whole library
- Use Incognito or Guest Mode (if available) by checking data settings regularly
- After connecting your device, periodically check the car’s settings for what data has been synced (e.g., call logs, GPS history, contacts) and manually delete it from the system as you go
- After using the rental car, manually delete personal data from the vehicle
- Before returning the vehicle, navigate through the car’s infotainment system and delete all personal data. Most cars have the option to clear synced devices, contacts, call logs, and navigation history.
- Make sure to unpair your device
- Adjust app permissions to restrict access to contacts, messages, and location data for apps that interact with Bluetooth or your car’s system. On both iOS and Android, you can customise app permissions in the privacy settings to minimise data sharing.
READ MORE: We developed a beginner’s Southeast Asian food guide
Taking these steps significantly reduces the amount of personal data transferred to rental cars and minimises the risk of a well-deserved holiday turning into a personal cybersecurity nightmare.
This article was contributed by Lorri Janssen-Anessi, Director External Cyber Assessments, BlueVoyant
