1. Forum
  2. Fidonet
  3. POLITICS

  • Over 800,000 electric car

    From Mike Powell@1:2320/105 to All on Mon Dec 30 09:03:00 2024
    Over 800,000 electric car owners and drivers may have had private info
    exposed online

    Date:
    Mon, 30 Dec 2024 09:36:50 +0000

    Description:
    Data from 800,000 Audi, SEAT, Skoda and Volkswagen cars was stored insecurely in an Amazon cloud folder.

    FULL STORY

    Cariad, a subsidiary of Volkswagens automotive software reportedly left the sensitive data of 800,000 electric vehicles exposed in an unsecured Amazon cloud storage folder, reports have claimed.

    The concern comes after Nadja Weippert, Mayor of Tostedt, Lower Saxony,
    delved into the app she was required to download to use the remote functionality of her Volkswagen ID.3.

    She found that it was collecting precise geolocation data every time the car was turned off, creating a detailed picture of where she had been.

    VW collecting customer data insecurely

    The vulnerability was first discovered by a European ethical hacking organization, Chaos Computer Club (CCC), which was informed by a
    whistleblower. CCC confirmed the issue on November 26 and notified Cariad, giving the company 30 days to make the data inaccessible.

    Cariad acknowledged the issue stemmed from poor configurations in two IT applications, responding within just hours and thanking the CCC for its work. CCC spokesman Linus Neumann praised VWs software firm (via Spiegel ,
    translated with Google Translate): "The Cariad technical team responded quickly, thoroughly and responsibly.

    German publication Spiegel revealed that more than half of the vehicles (460,000) were sharing precise GPS data. Most of the 800,000 affected models were located in Germany (300,000), with Norway, Sweden, the UK, the Netherlands, France, Belgium, Denmark, Switzerland and Austria also being
    home to tens of thousands of affected electric vehicles.

    Because Volkswagen is the parent company of other popular European brands, Audi, SEAT and Skoda models were also reportedly affected. Its unclear
    whether CUPRA, Porsche and VW Groups other subsidiaries were also affected.

    Spiegel called the blunder a disgrace, noting that Volkswagen is already lagging behind rivals in the software space.

    Despite VWs unfortunate mistake close to a decade after the automotive giant was caught lying about the emissions of many of its diesel cars, its not the only company collecting customer data. In September 2023, we covered Mozilla research revealing that 25 major car manufacturers were collecting more data than they needed.

    As the boundaries between tech and cars draw ever nearer, customers and researchers are rightly raising more and more security concerns.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/over-800-000-electric-car-owners-and-dr ivers-may-have-had-private-info-exposed-online

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)