The rapid development of connected and automated vehicle technologies together with cloud-based mobility services are revolutionizing the transportation industry. As a result, huge amounts of data are being generated, collected, and utilized, hence providing tremendous business opportunities. However, this big data poses serious challenges mainly in terms of data privacy. The risks of privacy leakage are amplified by the information sharing nature of emerging mobility services and the recent advances in data analytics. In this paper, we provide an overview of the connected vehicle landscape and point out potential privacy threats. We demonstrate two of the risks, namely additional individual information inference and user de-anonymization, through concrete attack designs. We also propose corresponding countermeasures to defend against such privacy attacks. We evaluate the feasibility of such attacks and our defense strategies using real world vehicular data.
