IBM Details Risks of Second-Hand IoT Devices and Connected Cars | eWeek

IBM Reveals Security Risks to Owners of Previously Owned IoT Devices

ibm charles henderson
Feb 17, 2017
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

SAN FRANCISCO—When you sell a car, typically the new owner gets the keys to the car and the original owner walks away. With a connected car, Charles Henderson, global head of X-Force Red at IBM Security, found that the original owner still has remote access capabilities, even years after the car has been sold.

Henderson revealed his disturbing new research into a previously unexplored area of internet of things (IoT) security at the RSA Conference here on Feb. 17. In a video interview with eWEEK, Henderson detailed the management issue he found with IoT devices and why it’s a real risk.

“As smart as a connected car is, it’s not smart enough to know that it has been sold, and that poses a real problem,” Henderson said.

The problem is that when a new device or connected car has services provisioned, there is typically some form of mobile app and then there is a cloud back end that provides management. While users are easily able to delete an app from their mobile device, IBM Security found that the cloud piece isn’t as easy to delete and user access for devices that individuals no longer own is still held in systems for weeks or even years after a device is resold to second user.

IBM Security found flaws in the revocation of user access for both car vendors and consumer electronics vendors. Henderson declined to specifically identify the vendors as he said the issue was “pervasive” and his goal is to first raise awareness of the issue.

Getting the cloud management piece of IoT fixed is no easy task for a number of reasons.

“Revenue doesn’t flow from the second owner to the IoT vendor,” Henderson said. “There is no incentive to protect the second user.

“I don’t claim to have the identity access management silver bullet, but we can do a lot better than we’re doing in the consumer electronics space,” he added.

Watch the full video interview with Charles Henderson below:

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.