USB chargers in cars can sync data

It’s time for a night out on the town - maybe a concert or big sporting event. You hop in a rideshare - an Uber or a Lyft – and as you speed off to your destination, you ask to use a charging port and plug in your phone.

“Everybody wants a charger,” said Julie Vargas, who drives for Uber a few times a week. Vargas says of her rides, “probably eight times out of ten,” passengers want to charge their phones. Some even bring their own cables.

But when Vargas is the passenger instead of the driver and uses ridesharing, she never connects.

“It’s pretty dangerous. It’s a little personal,” she said.

Vargas doesn’t charge her phone in anyone’s car but her own for one simple reason: “I know that my call log information can be downloaded to their car.”

It doesn’t matter if it’s a rideshare or a rental. The simple fact is that if you use the USB charging port on a car that isn’t your own, you take the chance that the car will sync your data with its audio system and capture your personal information.

Plug in your phone, risk sharing your data. Period.

“Yeah that is so, that's such a bad thing,” said Justin Cappos, an associate professor of Computer Science at New York University’s Tandon School of Engineering.

Cappos, a renowned digital security expert who says he builds “real security systems that solve real-world problems,” says that what seems like a simple convenience can end up costing much more.

“There have been hackers before that have set up fake charging stations,” he told us. “It really opens the doors for people who are stalkers or otherwise going to use that information inappropriately.”

This latest threat to data security has also caught the attention of lawmakers on Capitol Hill.

Texas Representative Gene Green, a member of the House Subcommittee of Digital Commerce and Consumer Protection, says in today’s world, “data is like gold.”

“I think we really need a national law to make sure, whether it be Lyft, whether it be Uber, whether it be any other rental car,” he said.

He adds lawmakers need to catch up with technology so that the “information stays with you.”

Green is part of the subcommittee that just approved HR 3388: The Self Drive Act. One part of the bill specifically looks at automobile cybersecurity requiring manufacturers to specifically develop:

“A written cybersecurity policy with respect to the practices of the manufacturer for detecting and responding to cyber-attacks, unauthorized intrusions, and false and spurious messages or vehicle control commands.”

HR 3388 made it through the House Subcommittee of Digital Commerce and Consumer Protection in early September. Its next stop: the Committee on Commerce, Science, and Transportation.

In the meantime, until Congress passes new laws governing what cars can and can’t do with your smartphone and the information on it, your best protection against data piracy is to keep your phone unplugged unless it’s in your own vehicle.