this post was submitted on 28 Dec 2024
93 points (98.9% liked)

Europe

1668 readers
798 users here now

News and information from Europe 🇪🇺

(Current banner: La Mancha, Spain. Feel free to post submissions for banner images.)

Rules (2024-08-30)

  1. This is an English-language community. Comments should be in English. Posts can link to non-English news sources when providing a full-text translation in the post description. Automated translations are fine, as long as they don't overly distort the content.
  2. No links to misinformation or commercial advertising. When you post outdated/historic articles, add the year of publication to the post title. Infographics must include a source and a year of creation; if possible, also provide a link to the source.
  3. Be kind to each other, and argue in good faith. Don't post direct insults nor disrespectful and condescending comments. Don't troll nor incite hatred. Don't look for novel argumentation strategies at Wikipedia's List of fallacies.
  4. No bigotry, sexism, racism, antisemitism, dehumanization of minorities, or glorification of National Socialism.
  5. Be the signal, not the noise: Strive to post insightful comments. Add "/s" when you're being sarcastic (and don't use it to break rule no. 3).
  6. If you link to paywalled information, please provide also a link to a freely available archived version. Alternatively, try to find a different source.
  7. Light-hearted content, memes, and posts about your European everyday belong in [email protected]. (They're cool, you should subscribe there too!)
  8. Don't evade bans. If we notice ban evasion, that will result in a permanent ban for all the accounts we can associate with you.
  9. No posts linking to speculative reporting about ongoing events with unclear backgrounds. Please wait at least 12 hours. (E.g., do not post breathless reporting on an ongoing terror attack.)

(This list may get expanded when necessary.)

We will use some leeway to decide whether to remove a comment.

If need be, there are also bans: 3 days for lighter offenses, 14 days for bigger offenses, and permanent bans for people who don't show any willingness to participate productively. If we think the ban reason is obvious, we may not specifically write to you.

If you want to protest a removal or ban, feel free to write privately to the mods: @[email protected], @[email protected], or @[email protected].

founded 6 months ago
MODERATORS
[email protected]
[email protected]
[email protected]
93
Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked (cybersecuritynews.com)
submitted 5 days ago by [email protected] to c/[email protected]
14 comments fedilink hide all child comments
 

cross-posted from: https://infosec.pub/post/21710275

Volkswagen has inadvertently exposed the personal information of 800,000 electric vehicle owners, including their location data and contact details. The breach, which occurred due to a misconfiguration in the systems of Cariad, VW’s software subsidiary, left sensitive data stored on Amazon Cloud publicly accessible for months. The exposed information included precise GPS data, which allowed […] The post Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked appeared first on Cyber Security News.

top 14 comments
sorted by: hot top controversial new old
[–] [email protected] 26 points 5 days ago (1 children)

Thank you Volkswagen for providing the valuable public service of reminding everyone that letting your car have a network connection is a bad idea.

[–] [email protected] 3 points 4 days ago (2 children)

With an EV, my guess is that the charging protocol at public charging stations probably also has the car identify itself and the charging station will record that.

[–] [email protected] 2 points 3 days ago

Why on Earth would an electrical car need to identify itself to a charging station?Except for tracking its whereabouts?

Don't say for billing, because for payment on all sorts of self service vending machines, which charging stations for electrical cars pretty much are, other solutions (some with just as much tracking potential) have been existing for a long time, no need to reinvent the square wheel here.

[–] Rednax 4 points 4 days ago

According to the article, precise GPS data was stolen. That is much worse than info about when and where you charged your car.

[–] [email protected] 24 points 5 days ago (1 children)

Under GDPR this should incur massive fines. Let’s see how deep the German government is willing to crawl into their exhaust.

[–] [email protected] 9 points 5 days ago

Spoiler: aaaaaall the way.

[–] [email protected] 12 points 5 days ago (1 children)

What possible reason could VW have for collecting this information in the first place?

[–] [email protected] 15 points 5 days ago (1 children)

Data is money. Whatever data a company can legally collect (or get away with illegally collecting), they will collect.

[–] [email protected] 10 points 5 days ago

Granted. I should have said “legitimate” reason.

[–] asbestos 12 points 5 days ago (2 children)

Are there any universal guides (like iFixit) to disable cars cellular network modules?

[–] [email protected] 11 points 5 days ago

I don't actually know if that's legal anymore, because the SOS function is now required by the EU. (Also, iiuc, this breach apparently came from people who logged into the VW app to preheat their car, etc.)

[–] [email protected] 8 points 5 days ago

In some cases, the SIM card isn’t difficult to locate and remove. The problem comes if these chucklefucks decided to make local systems dependent on the data connection (e.g. subscription options)

[–] [email protected] 6 points 4 days ago* (last edited 4 days ago)

Additionally, 68% of the brands had experienced hacks, security incidents, or data leaks in the previous three years.

That were detected and we know of.

[–] SpaceNoodle 5 points 5 days ago

CARIAD is such a clusterfuck.