Australian Man Stands Trial for Allegedly Installing Spyware on Ex-Girlfriend’s Car

Cyberstalking can take many forms, most of them involving personal computers and mobile phones. But one man allegedly settled for a car app connected to his girlfriend’s vehicle, allowing him to track her movements and start and stop the vehicle.

Most recent offerings from the major players in the auto industry come with wireless capabilities and can be paired with a companion mobile app for extended features. In more ways than one, a car is on its way to becoming just another IoT device that also happens to serve as a means of transportation.

The alleged crime took place last year in Hobart, Australia, after the defendant broke up with a woman he had dated for about 6 months. During this time, she had asked him to help her with buying a new car, since he was an experienced mechanic.

The defendant helped her buy an unspecified Land Rover model, but he made sure to keep the VIN (Vehicle Identification Number) – the car’s unique identification number. This information is typically required to pair a modern car to a mobile phone, and changing it is illegal since it is also tied to the car’s history.

The two eventually broke up, which is when the defendant allegedly started stalking her with help from the car. He downloaded and installed an app that required the car’s VIN to set up an account, the Australian Broadcasting Corporation reports. This offered him instant, 24-hour access to data about the car’s location, which he received as email notifications or directly in the app. The spyware also allowed him limited access to the vehicle, including functions like unlock, start and brake, but it’s unclear if he ever used this.

The victim found out about the alleged stalking by accident, her attorney told the court earlier this month. Although she worked in the digital field and is supposedly well versed in car tech, she said she never imagined she could be rendered so vulnerable by her own car. Because of car tech, her stalker knew where she was, for how long she’d been there and when she came back home.

Jennifer Perry, the chief executive of the Digital Trust, said in a 2015 interview that “the easiest thing is to access the woman in the cloud,” usually by pretending to “help” her buy a piece of technology that requires setup. With emerging IoT in cars, this still holds true.

Cases of car users being able to connect to the vehicle long after selling it or returning to the rental service have been recorded. One of them, described recently, involved a rental car; the customer connected it to the FordPass mobile app and could remotely start and stop the engine, lock/unlock the doors, or for tracking its location.

Five months after returning the car, the customer still had control over the vehicle (location, door lock/unlock, engine start/stop), even though other people rented it during the period. Ford has been notified of the situation but, at the time of reporting, had done nothing to kill access.

Image credit: peto123