Volkswagen’s automotive software company, Cariad, exposed data collected from around 800,000 electric cars. The info could be linked to drivers’ names and reveal precise vehicle locations.
Terabytes of Volkswagen customer details in Amazon cloud storage remained unprotected for months, allowing anyone with little technical knowledge to track drivers’ movement or gather personal information.
Continuing, the article states:
Access to the car data was possible due to Cariad’s incorrect configuration in two IT applications, a company representative told BleepingComputer.
Adding insult to injury?
From the nearly 800,000 vehicles exposed, the researchers found geo-location data for 460,000 cars, for some of them with an accuracy of ten centimeters.
If you’re not sitting down, this one paragraph says:
“In the case of VW models and Seats, this geodata was accurate to within ten centimeters, and for Audis and Skodas to within ten kilometers and was, therefore, less problematic” – Spiegel
The company reacted quickly, said the article, but only after they received technical details. Its important that we configure our stuff to the best of our ability, and only put stuff like this in secure places that has a harder time of being accessed.
How many times have we seen this stupid shit where someone decided to leave their instance of some product open to the Internet? What can possibly go wrong!
This is becoming old, and I’m sure that people are tired of seeing this kind of fucking stupidity on a regular. A one-time thing, maybe … but I’ve seen this time and time again. Companies just don’t fucking learn jack shit, do they?
Cariad says that customers of the Volkswagen Group brands can agree to use products and services that require the processing of personal data and can deactivate the option at any time.
Really, are you sure they understand the reprocutions of this sharing in an instance like this? Nobody told the customers you were storing the data in an unprotected place, and they now are going to find out the hard way. Good job!
However, the company notes that the data collected from the vehicles helps it “provide, develop, and improve digital functions” for its customers as well as create additional benefits.
“Without this data, smart, digital and personalized functions could not be provided, optimized or expanded” – Cariad
As an example, the company explains that customers’ charging behavior and habits are anonymized and help optimize future battery generations and charging software.
At the same time, the collected data is stored in the cloud in a way that protects the identity of the customer and their movement with the vehicle.
I guess not if you can get the data to match up with certain people, the research said so in the article. They made it harder, but that sounds to me like it wasn’t that hard.
“The brands in the Volkswagen Group collect, store, transmit and use personal data exclusively within the framework of legal regulations and an existing contractual relationship, legitimate interests or explicit consent from the customer,” Cariad says.
Bull fucking shit, I call. Explicit conscent that you will store the data in an unprotected form, that has been out there for years and only disclosed now. Try the fuck again!
The automotive software company also says that it employs strong data protection practices that include storing data points separately, restrictive access rights, pseudonymization, and anonymization, as well as aggregating and processing data within stated purposes.
If you could deanonymize the data, then the article wouldn’t state that you could find the data presumably from a president in a certain country now could you?
To read the whole article, get a load of of 4 items
Home
News
?
Security
?
Customer data from 800,000 elec and form your own opinion.
This is getting old, I can assure you.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.