Over 800,000 electric car owners and drivers may have had private info 
exposed online

Date:
Mon, 30 Dec 2024 09:36:50 +0000

Description:
Data from 800,000 Audi, SEAT, Skoda and Volkswagen cars was stored insecurely
in an Amazon cloud folder.

FULL STORY

Cariad, a subsidiary of Volkswagens automotive software reportedly left the
sensitive data of 800,000 electric vehicles exposed in an unsecured Amazon
cloud storage folder, reports have claimed. 

The concern comes after Nadja Weippert, Mayor of Tostedt, Lower Saxony, 
delved into the app she was required to download to use the remote
functionality of her Volkswagen ID.3. 

She found that it was collecting precise geolocation data every time the car
was turned off, creating a detailed picture of where she had been.

VW collecting customer data insecurely

The vulnerability was first discovered by a European ethical hacking
organization, Chaos Computer Club (CCC), which was informed by a
whistleblower. CCC confirmed the issue on November 26 and notified Cariad,
giving the company 30 days to make the data inaccessible. 

Cariad acknowledged the issue stemmed from poor configurations in two IT
applications, responding within just hours and thanking the CCC for its work.
CCC spokesman Linus Neumann praised VWs software firm (via Spiegel ,
translated with Google Translate): "The Cariad technical team responded
quickly, thoroughly and responsibly. 

German publication Spiegel revealed that more than half of the vehicles
(460,000) were sharing precise GPS data. Most of the 800,000 affected models
were located in Germany (300,000), with Norway, Sweden, the UK, the
Netherlands, France, Belgium, Denmark, Switzerland and Austria also being 
home to tens of thousands of affected electric vehicles. 

Because Volkswagen is the parent company of other popular European brands,
Audi, SEAT and Skoda models were also reportedly affected. Its unclear 
whether CUPRA, Porsche and VW Groups other subsidiaries were also affected. 

 Spiegel called the blunder a disgrace, noting that Volkswagen is already
lagging behind rivals in the software space. 

Despite VWs unfortunate mistake close to a decade after the automotive giant
was caught lying about the emissions of many of its diesel cars, its not the
only company collecting customer data. In September 2023, we covered Mozilla
research revealing that 25 major car manufacturers were collecting more data
than they needed. 

As the boundaries between tech and cars draw ever nearer, customers and
researchers are rightly raising more and more security concerns.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/over-800-000-electric-car-owners-and-dr
ivers-may-have-had-private-info-exposed-online

$$
--- SBBSecho 3.20-Linux