Potential misuse of personal data in parking apps

2

October

2022

No ratings yet.

We all know the struggle of entering a parking place: you need to get a ticket out of the machine but the car is too far from the machine to reach it through the window. What if this could be done easier?

Q-Parkis a Dutch company that provides parking facilities to drivers in the Netherlands. It provides the opportunity to park contactless based on the license plate of the car, which removes the parking hurdle. It works as easy as inserting your license plate in the application on your phone, and it will scan your license plate and arrange payment in the app after parking at one of the Q-park facilities (NOS 2022). The app will collect your data, even if you do not actively use it. However, this new type of information system poses privacy issues. Therefore, the question arises whether this technology needs the implementation of (cyber)security measures.

A study by Cybersecurity expert De Ceukelaire (2022) revealed that (Q-Park) parking apps do not require users to prove their identity when registering a license plate to the parking app. Which shows how easily someone else can use your license plate, making it a target for hackers. The privacy problem is highlighted by a method (figure 1) that shows how hackers can use the parking app to stalk you:

“License plate recognition (ANPR) is a feature that sends out an alert with the location when the target vehicle enters an ANPR-enabled parking lot” (Thalen, 2022). Sending out this instant location is a serious misuse of the data in parking apps when the parking app is misused.

Figure 1: ANPR method

Whilst Q-park counters this by saying that people will recognize when their license plate is “used” by someone else, as the real owner would not be incurred for the parking costs if someone else added the license plate to their account (NOS, 2022). But often people think not paying could be a bug in the system as well. Besides, even if that is the case, the location is already shared and it would be too late.

In cases like this where (personal) information can be misused, are we willing to incur privacy breaches and misuse of our data for a smoother parking experience? Whilst the technology itself can provide its benefits, users have the right to prevent this misuse. Regulations like the AVG (Dutch privacy law) are in place for people to report issues. However, in essence, entering a license plate should be better protected by implementing cybersecurity measures, for instance confirming this is your license plate in the app and having a facial recognition password on it.

References

NOS. (2022, 26 september). Hacker: kentekenparkeren Q-Park is risico voor stalking. NOS.nl. Available at: https://nos.nl/artikel/2446082-hacker-kentekenparkeren-q-park-is-risico-voor-stalking (Accessed 1 October)

Thalen, M. (2022, 26 september). Parking apps can let anyone track your car—this hacker wants to stop it. The Daily Dot. Available at: https://www.dailydot.com/debug/parking-apps-track-car-privacy-gdpr/ (Accessed 2 October)

Please rate this

Leave a Reply

Your email address will not be published. Required fields are marked *