Steve Jobs drove his Mercedes without a license plate in a bid to be incognito and flaunt the rules the rest of the world follows. Ironically, the lack of a license plate made his vehicle more visible. If you saw a new silver Mercedes-Benz SL55 AMG without tags, you knew there was a chance Jobs was at the wheel.
Objective Personally Identifiable Information
Cars can also identify people with less money and notoriety. For one, your license plate is the personally identifiable information attached to you everywhere you go. Paying a nominal amount of money can get the name of the person who registered the car, the related information on the car and possibly the address of the person.
A criminal can skip that step and look to see where a car is parked to get the address. The address is the critical data value that lets someone easily search property records, often for free and provided by government agencies. The records likely include owner names and house information.
With hardly any effort, the names, house and car of a person is known. One thing leads to another and using the information above can get phone numbers and other items. Using LinkedIn can yield the person’s professional and education history.
Subjective Personally Identifiable Information
An unexpected source of intelligence about a person can come from the bumper stickers and magnets that dot many people’s vehicles. Combining the objective information with the subjective likes, dislikes and quirks of a personality paints a full picture.
Here are a few examples of bumper stickers and the types of conclusions that can be drawn from them:
They enjoy visiting Belize and the Appalachian Mountains
They are fans of the Washington Nationals
They prefer reading to watching television
Fans of dancing and music
Misuse of Information
Soon enough, there is enough data on a person that phishing or identity theft can take place. Getting the contact information of friends and family could allow for phishing of them, by using the information known to impersonate you.
Favorite brand information could inform a phishing campaign promoting that company. For example, a giveaway for Patagonia might be directed to someone who is fan. Knowledge of locations frequented could inform outreach. For example, a message might relate to a trip to a known favorite location. The personal knowledge from a car’s bumper stickers could inform all sorts of social engineering angles of attack.
The point of looking at this is not for everyone to drive the same nondescript block, but rather to consider privacy. Information available on your car, in your social media profiles or anywhere can be used by bad actors against you and those around you.