• cherryteastain 6 months ago

    We need a way to disable vehicle telemetry.

    No, a software switch is not enough. We need to be able to physically unplug the cellular modem entirely and have the vehicle work with 100% functionality (barring features which inherently require cellular connectivity like turning the heating on remotely)

    Car manufacturers' features are mostly useless anyway thanks to Android Auto/Apple CarPlay

    • a3w 6 months ago

      Best of from 38th CCC: every three letter secret service of the country seems to be spied out by this. And a secret VW testing facility in Sweden was uncovered.

      Also, affects mostly EVs, but not only. (If the EV motor was the group usually logged to the opened AWS bucket, I don't understand how there were ICE or possibly hybrid cars involved in the leak.)

      https://streaming.media.ccc.de/38c3/ had a German language video on it, live, but will surely add English translation and permanent video link soon.

      • jmward01 6 months ago

        The answer is simple: No matter the reason, if you have a data breach you must pay each person 100$ min with higher amounts depending on the information lost. Additionally, if that information is used in a crime then you are liable for further damages. Car companies, and other data vacuums, will just stop collecting it if they are liable for what happens to it.

        I will not buy a car that does this. I am starting to turn my phone off when I am not using it as well. Being tracked every second of my life is not acceptable.

        • thesumofall 6 months ago

          This is made worse by the fact that they created a really bad UX for their cars in the name of data protection (at least in Germany). Example: you have to accept the T&C of the online services with every(!) start of the vehicle. If you don’t press either the accept or reject button, you can’t enter any of the nav / entertainment/ … screens.

          In the name of data protection, you are not even allowed to have two main users of the car. As a result, it’s either me or my SO being able to see the car’s state of charge in the mobile app. It’s impossible for both to see it unless you do account sharing.

          • olddog2 6 months ago

            Find the guys who usually park at expensive family homes, but occasionally visit a known brothel, then blackmail them.

            We all just let surveillance happen to us, in fact we paid for most of it.

            • __fst__ 6 months ago

              EVs are topping the list of (imho) useless extras in cars. I'm still cherishing my Honda Fit pre-touchscreen edition. I'm going to drive it until it will fall apart. My next car will be an EV but I have yet to find one that still comes with mechanical features (door handles, knobs/buttons), without a whole battery of surveillance/telemetry tech and (crossing fingers) exchangeable batteries. Simple electric propulsion ...

              • forgetfreeman 6 months ago

                Why the sideways fuck did they even have location data to begin with? It's like the checklist for buying a new car starts with figuring out what circuit drives the cell modem and pop that fuse out before taking a test drive to confirm it doesn't brick anything critical. Fucking ridiculous.

                • jsiepkes 6 months ago

                  If it is so bad there is actually a whistleblower then how do they pass their ISO27001 audits? Bit too friendly with TUV Nord?

                  https://cariad.technology/content/dam/digitalmindofmobility/...

                  EDIT: Just noticed this is an ISO9001 certificate. Though on their job offer site they do ask for "Foundational understanding of security related regulations and standards preferred (e.g. ISO21434, ISO27001, NIST-800)". Unclear if they are actually ISO 27001. Found the 9001 one by fluke, they don't seem to list that one on their site either.

                  • thebruce87m 6 months ago

                    I wonder if they were all petrol vehicles, or all diesel if that would be so prominent in the headline. The drive train has nothing to do with an unsecured S3 bucket, and if you think that electric vehicles are the only “connected” cars in 2024, you’re in for a shock.

                    • CatWChainsaw 6 months ago

                      Ah, here's my daily reminder to treat my 2005 Honda like a princess and hope it never, ever dies.

                      • mzs 6 months ago
                        • dmitrygr 6 months ago

                          Why is nobody talking about the fact that this should not be possible? There is precisely zero reason for them to have this location data. Give the CEO one year of jail per person whose location was illegally tracked.

                          • jwr 6 months ago

                            I so hope this will start an avalanche and car companies will not be able to get away with collecting so much data about users (cars, but that's pretty close).

                            Especially in the EU, the hypocrisy is jarring: on one hand, GDPR, protecting users from surveillance by businesses, etc, and on the other hand, car companies get a free pass, because they are car companies, and the EU likes car companies.

                            • apelapan 6 months ago

                              I'm curious if the breach is from the German core Cariad or the Swedish subsidiary/joint-venture, WirelessCar?

                              Based on what sort of data was exposed, it seems plausible that it is one of the services from WirelessCar.

                              • doodlebugging 6 months ago

                                As a former owner of 3 VW vehicles, it does not surprise me that they have skipped obvious steps needed to secure owner data. They cut costs across the board on everything involved in producing vehicles for sale in the US to the point where their interior plastics were half the thickness of competitors' interior furnishings and their wire harnesses used the smallest gauge wire possible to carry the loads expected.

                                • CommanderData 6 months ago

                                  Soon we'll be in an era where our vehicles are geofenced.

                                  Stop people driving to protests? areas of strategic interest? congestion? Yep that's all coming quick.

                                    • sschueller 6 months ago

                                      VW got caught because of their shit security but what is the situation with all other car makers?

                                      The US does not have a GDPR so the collection of this information is legal. How much data is lying around at GM and others for someone to abuse?

                                        • RajT88 6 months ago

                                          Hey EU, maybe mandate an opt out for all vehicle telemetry?

                                          Then maybe the rest of the world will follow suit.

                                          I know, I know, I am kidding myself.

                                          • AzzyHN 6 months ago

                                            I'll be holding on to my dumb 2012 Civic for as long as I can.

                                            • UniverseHacker 6 months ago

                                              Not surprised - VW's CarNet app for interacting with the car is the single worst software I have ever used… I would literally believe that their entire software engineering team consists of a single 11 year old with 2 weeks of coding experience.

                                              • mensetmanusman 6 months ago

                                                Every satellite imaging company knows where they are.

                                                • greesil 6 months ago

                                                  I had to opt in to this shit to get firmware updates. I'm very angry. This explains the laggy infotainment on my ID.3 if these idiots were involved in its creation.

                                                  I can't seem to find a link to the leaked data. I want to see if I'm in it.

                                                  As per this guy, maybe I should sell my vehicle before VW is sued out of existence. https://www.reddit.com/r/electricvehicles/comments/1hnh3sg/c...

                                                  • TheChaplain 6 months ago

                                                    That could be a nail in the coffin to end VW, the EU GDPR is quite a sharp weapon.

                                                    • ycombinatrix 6 months ago

                                                      Isn't this a GDPR violation by VW?

                                                      • devops99 6 months ago

                                                        [flagged]

                                                        • JKCalhoun 6 months ago

                                                          Sofa King stupid. Why add this shit that is a liability?

                                                          Maybe legal needs to have a talk with marketing.