Fleet News

Warning on defleeted car app security


Fleets are being warned that company car drivers who use connected car apps must disable them at defleet, or the former driver may retain remote access to a vehicle that is no longer in the fleet's possession.

A number of carmaker smartphone apps, such as Jaguar Land Rover’s InControl, Tesla’s MyTesla, Volvo On Call and Vauxhall OnStar, allow the driver to remotely monitor and control a vehicle with their phone, including being able to locate the vehicle and lock and unlock it.

If the driver does not delete the app at defleet and disable their account then they could still have the ability to carry out those functions.

Ogilvie Fleet sales and marketing director Nick Hardy has first-hand experience of the issue.

“It’s still possible to control the car remotely even after it has left our possession. We know that because it’s happened to us,” he said.

“We’ve had notifications when the vehicle has been moved or moving or reports on its range capacity even after the car has left our possession and we have logged out.”

Ogilvie has retained access to a Tesla, a BMW i3 and a Nissan Leaf after defleet, although the NissanConnect EV app does not have the functionality to remotely lock and unlock the vehicle.

A spokesman for Nissan said that if the fleet manager or leasing company contacts the EV helpdesk it can disable the app. Alternatively, when a new user sets up ConnectEV it will supersede any previous account.

BMW said it has implemented a number of measures to improve security post-defleet. When BMW is notified that a car is removed from a corporate fleet, it will delete the ConnectedDrive account for that vehicle.

The previous owner is also encouraged to remove the vehicle from their ConnectedDrive account. If they fail to do so their access is revoked as soon as the new owner registers the car with a ConnectedDrive account.

New owners also have to insert a security code from the registration in order to link the car to the app to ensure it cannot be registered by someone else.

Tesla said that when there is a change of ownership it is the responsibility of the previous driver and/or new driver to inform Tesla so it can ensure that it is reflected correctly in the MyTesla account.

“Once Tesla has been notified of the new owner/driver details, the previous account is automatically disabled,” a spokesperson said.

However, Fleet News understands that there is at least one example of a former Tesla owner being able to access their account nearly a year after the vehicle had been sold.

The period between a vehicle being collected and sold at auction is also a grey area.

Hardy said: “Our question is what happens to the car when it is disposed of via auction? Because it's not going to go from one driver to the next, it's going to sit there for some time whilst it's disposed of.”

Zenith has also expressed concerns that most manufacturers do not have a clear policy for disengaging the app at defleet.

However, leasing companies are working with manufacturers on a resolution that would see the handover process incorporate the disabling of apps.

Andy Hartley, commercial director at Lex Autolease, said: “The handover process needs to incorporate the disabling of any apps to minimise the risks of drivers being able to locate, unlock or even operate cars once they are no longer in their possession, and we’re in dialogue with manufacturers about this.”

Paul Adler, fleet marketing manager at Vauxhall, said: “We’re trying to work with the fleet industry to ensure we can get the data back when the vehicle is defleeted and we can offboard the vehicle through OnStar so we take an active role in advising OnStar to delete all the OnStar services available to the driver of that vehicle, including the app.”

He added: “We need to get the owner of the company car to be able to let us know when that car is being defleeted effectively and we can then offboard it from OnStar. That is a process we are working through at the moment with both our fleet customers and OnStar.”

Volvo believes it is the leasing company’s responsibility to ask the driver to end ownership via the Volvo On Call app.

“The responsibility regarding the Volvo On Call app is no different to returning a set of car keys so Volvo On Call should be treated as an electronic key, with the leasing company ensuring that the driver disables the app’s functionality linked to that specific car,” a spokesperson said.

“Volvo is currently investigating the opportunity to provide a service to leasing companies that will end ownership of the car if the leasing company provides us with the details of the vehicles they no longer use.”

Jaguar Land Rover believes responsibility rests with the driver.

A spokesperson said: “JLR InControl terms and conditions place the prime responsibility on the user not the leasing company/fleet to un-bind a car from their account. This can be done at any time during the ownership cycle, not just at de-fleet.

“The process takes seconds and can be done directly through the user's InControl portal. Similarly a new car can be activated from the same portal. The benefit is that the user has complete control and is not reliant on a third-party to take action.”

However, the affected leasing company can also advise their Jaguar Land Rover retailer(s) when a vehicle is defleeted. The dealer can unbind any vehicles if required.

Failing that, the new owner of the car can contact any Jaguar Land Rover retailer to request that the old user be unbound, enabling the new user to start the bind process.

The BVRLA believes all parties have responsibility to ensure removal of the app.

BVRLA chief executive Gerry Keaney said: “The driver has responsibility, the leasing company has some and the manufacturer as well.

“To make it more complicated, the driver’s company, who is the leasing company’s customer, also has some responsibility. It is a more complex world.”

Fleet managers who are aware of the issue are ensuring their policies stipulate that the driver must delete the app and disable their account upon returning the car.

ACFO deputy chairman Caroline Sandall said: “It is already common to ask drivers to attest that they’ve removed any data from onboard systems at the point of vehicle return and this could be added to that attestation.

“Manufacturers should ensure technology exists to enable new users to view or edit any handsets linked to the car.”

Fleet managers also need robust processes in place when reallocating connected cars, or in the event of a driver’s phone being stolen.

Hardy added: “It is incumbent on manufacturers, lease companies, dealers, auction houses, drivers and fleet managers to understand what is happening, what the implications are and to put in place robust processes. The more robust we can make it now the better, before it becomes a bigger issue.”






  • Edward Handley - 21/07/2016 16:29

    I have come across a similar, if less serious, issue with hire cars. Shortly after getting into a Bluetooth-enabled hire car I found the touch screen displaying a long list of mobile phones, some identified with a user's full name and company. Given time and inclination, I suspect I could have pulled up significant information on the numbers they had called!
