cross-posted from: https://infosec.pub/post/21710275
Volkswagen has inadvertently exposed the personal information of 800,000 electric vehicle owners, including their location data and contact details. The breach, which occurred due to a misconfiguration in the systems of Cariad, VW’s software subsidiary, left sensitive data stored on Amazon Cloud publicly accessible for months. The exposed information included precise GPS data, which allowed […] The post Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked appeared first on Cyber Security News.
If VW put a petrol engine in these cars, the breach would have been identical. The fact these are EVs is incidental to the story. Why is it part of the headline?
As far as I can tell it only affects cars with Cariad software which seems to be used by VW group EVs.
Why the fuck do cars need to be connected to the Internet all the time? I fear the day when all cars will be subject to stupid shit like this
Because people want cars with maps and traffic data? Is that really such a god awful thing to want in your car?
I’m no cyber security expert, but couldn’t a dumb car whose console occasionally hooks up to your phone to provide navigation data work just as fine with fewer security holes?
You can, but now you’ve built a car that depends on something else for a core feature people want.
There’s nothing stopping them from building a car with an LTE connection that only connects to the display for navigation as well with its own CPU and everything 100% air gapped from the rest of the car system, but you limit your functionality when you do that as well.
…man if only there was something in my pocket that has an infotainment app that auto makers can add to their cars that provided that functionality without the automakers needing to add much.
If only right?
That just shifts the privacy problems from the automaker to the smartphone OS maker.
I use GrapheneOS which only within the last year got Android Auto support, and even then it requires giving Google shit a lot of deep access to stuff I really don’t want to give.
CarPlay and Android Auto should not be the only options (like when the car native nav is required for stuff like battery preconditioning).
So, car manufacturers have to give up control of their car and use software by other people which will impose limitations on them. Gotcha. And everything needed for that to work is exactly what they would need to add if they did it themselves, except a cell connection (edit: and the GPS)
F