VW Suffers Major Breach Exposing Location of 800,000 Electric Vehicles (cyberinsider.com)
from minyaen@lemmy.ml to cybersecurity@sh.itjust.works on 27 Dec 20:05
https://lemmy.ml/post/24103191

If emphasis wasn’t already concentrated on the security of these connected vehicles, major oversight obviously…

#cybersecurity

threaded - newest

BearOfaTime@lemm.ee on 27 Dec 21:24 next collapse

All together now:

I. Told. You. So.

cyborganism@lemmy.ca on 27 Dec 21:32 next collapse

Man… just stop putting complex computers that connect online, turning every fucking thing from your toaster to your whole house into an IoT. We don’t need this.

I just want four wheels with a steering wheel and a couple of pedals to operate my electric car. Not a god damn glorified tablet on wheels.

taladar@sh.itjust.works on 27 Dec 21:59 collapse

As people have been saying for years, the S in IoT stands for security.

cyborganism@lemmy.ca on 27 Dec 22:55 collapse

😂 😂 😂 😂

MakingWork@lemmy.ca on 27 Dec 21:45 next collapse

Article says the following was breached:

Detailed location logs showing exactly where and when cars were parked.

Personal information of owners, such as names, email addresses, and phone numbers.

Insights into users’ routines, workplaces, leisure spots, and even sensitive visits, such as government offices, hospitals, and private establishments.

That is a lot of information about a person’s life.

Zorsith@lemmy.blahaj.zone on 28 Dec 04:55 collapse

Aggregating information can increase its sensitivity level, government employees deal with this on a regular basis; why are they giving data breeches like this the kiddie gloves?

Someonelol@lemmy.dbzer0.com on 27 Dec 22:58 next collapse

This won’t persuade legislators to pass vehicle privacy laws one bit. Not until it personally affects them.

taladar@sh.itjust.works on 27 Dec 23:00 collapse

So what you are saying is that unless the next CEO assassin uses vehicle data to figure out where his target is it won’t happen?

Someonelol@lemmy.dbzer0.com on 28 Dec 00:44 collapse

Well if you frame it like that you might get their attention sooner.

sunzu2@thebrainbin.org on 28 Dec 00:12 next collapse

Fuck the pedons harder, daddies

sudo42@lemmy.world on 28 Dec 02:16 next collapse

Cariad emphasized that the data involved was not sensitive personal information like passwords or payment details, and no vehicles or services were impacted. Only certain vehicle data from online-connected cars were affected.

The company said “no[t] sensitive personal information” was involved. Nothing to see here. Move along. /s

What they actually said was, “None of our personal information was exposed, so we’re not concerned.”

original_reader@lemm.ee on 28 Dec 07:17 collapse
quoll@lemmy.sdf.org on 28 Dec 05:14 next collapse

maybe we could start to reduce the cost of electric cars by not overloading them with all the connected internet of shit crap?!?

i know the kids in china like to have karaoke machines in their cars… but i kinda just want bluetooth for my music and thats it.

atrielienz@lemmy.world on 28 Dec 15:10 collapse

It doesn’t cost them much of anything to include the modem (which is the main problem), and the data they receive is very valuable. I agree that less tech is good and all new cars (not just electric) are full of stuff I would prefer they came without. But the connected Internet shit also allows for software updates OTA. That’s a double edged sword. Without it you’d have to take your vehicle to a dealer if it needed a necessary software update (for a recall for instance). But obviously, having it means they can do things to your car without you even necessarily knowing or understanding what is happening (risky, for multiple reasons, including removing features with a botched software update).

original_reader@lemm.ee on 28 Dec 07:18 next collapse

What happens if I disable the Internet connection of my car?

MonkderVierte@lemmy.ml on 28 Dec 13:22 next collapse

You are not allowed to drive anymore; your car needs to be able to call emergency response. Is an EU rule.

Edit: called eCall, compulsory.

When eCall is activated, it connects to the nearest emergency response centre, using both a telephone and data link. This allows you and the passengers in the vehicle to communicate with the emergency centre operator and at the same time, a minimum set of data is automatically transmitted (your exact location, the time of the accident, your vehicle’s identification number and direction of travel). This allows the emergency services to assess and manage your situation.

InFerNo@lemmy.ml on 28 Dec 13:49 next collapse

That sounds like it should be able to make a mobile call, not connect to the internet, but they probably require the latter.

Mr_Blott@feddit.uk on 28 Dec 15:25 collapse

Your eCall system is only activated if your vehicle is involved in a serious accident. The rest of the time the system remains inactive. This means that when you are simply driving your vehicle, no tracking (registering your car’s position or monitoring your driving) or transmission of data takes place.

When a call is made through your 112-based eCall system, your personal data is processed according to EU data protection rules. This means that the emergency services only receive the limited data they need to deal with the accident situation, your data is not stored for any longer than necessary, and is removed when no longer required. Read more about EU data protection and privacy rules.

Important bit emphasised

MonkderVierte@lemmy.ml on 28 Dec 18:59 collapse

Yes, thanks. My question is more, if the vendor already has to add a sim card and data plan, are they forbidden from using it for other things?

Mr_Blott@feddit.uk on 28 Dec 21:06 next collapse

G D P R

MonkderVierte@lemmy.ml on 28 Dec 22:40 collapse

Can’t sue if nobody knows about it.

gloriousspearfish@feddit.dk on 28 Dec 21:28 collapse

They don’t need a sim and days plan, if they only call 112.

MonkderVierte@lemmy.ml on 28 Dec 22:39 collapse

using both a telephone and data link. […] a minimum set of data is automatically transmitted (your exact location, the time of the accident, your vehicle’s identification number and direction of travel).

atrielienz@lemmy.world on 28 Dec 15:06 collapse

Depends on the car and whether or not you can even get to that modem connection without tearing apart the interior. The main problem is if it’s linked to the main computer (ECU), or similar. If it is, your vehicle may be undrivable. It’s better to talk to the company who made your car and have them disable it. You may have to have a lawyer do so. If you’re buying a new car it is certainly possible to disagree to those terms that would activate it. But apparently not possible to have them build the car without it (which I think is bogus as hell). There was a big article about this after an investigation by Mozilla more than a year ago. People on reddit (I know !) were pretty mad about it then and they were looking for solutions. The consensus was that some cars you can get to the modem, some cars you can’t.

Also, you may not be able to receive necessary software updates (recalls etc) if you do disable it.

MonkderVierte@lemmy.ml on 28 Dec 13:31 next collapse

Cariad emphasized that the data involved was not sensitive personal information like passwords or payment details, and no vehicles or services were impacted. Only certain vehicle data from online-connected cars were affected.

Mhm. This is the german version: heise.de/…/In-der-Cloud-abgelegt-Terabyte-an-Bewe…

Summary: 10 TB of location data, half of it exact enough (10 cm) to allow conclusions to living conditions. Partially connected to app profiles with address and phone number.

sith@lemmy.zip on 28 Dec 15:41 collapse

VW just don’t understand software. The car computer in my Passat GTE 2020 is quite broken and they won’t fix it even during an 1000 € “official” service. I basically have to hack/flash the computer myself if I want it to become fully functional. Not really what I want to do, considering how much money I’ve been pouring into this silver beast…