September 2024
·
13 Reads
The integration of connected autonomous vehicles into the transportation system introduces significant enhancements in driving experience and convenience. Yet, it simultaneously raises important concerns regarding the security and privacy of passenger data. As individuals increasingly depend on these connected vehicles, particularly rental cars with advanced infotainment systems, safeguarding their personal information becomes a paramount imperative, presenting significant challenges that must be addressed to maintain user trust and comply with privacy regulations. This paper investigates risks associated with personal information stored in connected vehicle technology, emphasizing the importance of robust security and privacy practices. In the advent of cyber threats and the need for data protection, we examine a risk management framework (RMF) as suggested by NIST, which aims to address these quintessential concerns preemptively. Our research moves beyond the limitations of manual safeguarding methods, supporting the necessity for an advanced automated technical solution. To address these issues, we introduce and meticulously assess the efficacy of “Vehicle Inactive Profile Removal” (VIPR), an innovative technical solution conceived to actively eliminate the risks and potential oversights that stem from the prevalent tendency of renters to leave personal data unerased in the infotainment systems of rented connected vehicles. We provide a thorough evaluation of VIPR through various scenarios, including vehicle return to a rental depot, subsequent rentals, and ridesharing contexts. Our proof of concept includes an array of experiments to demonstrate how VIPR proficiently and autonomously removes previous renters’ “Inactive” profiles from a simulated infotainment system. The results highlight how VIPR constitutes a critical step towards enhancing the privacy and security of personal data, thereby promoting a safer, more responsible use of connected vehicle technology in society.