216

If emphasis wasn't already concentrated on the security of these connected vehicles, major oversight obviously...

top 26 comments
sorted by: hot top controversial new old
[-] MonkderVierte@lemmy.ml 20 points 22 hours ago* (last edited 22 hours ago)

Cariad emphasized that the data involved was not sensitive personal information like passwords or payment details, and no vehicles or services were impacted. Only certain vehicle data from online-connected cars were affected.

Mhm. This is the german version: https://www.heise.de/news/In-der-Cloud-abgelegt-Terabyte-an-Bewegungsdaten-von-VW-Elektroautos-gefunden-10220623.html

Translated: 10 TB of location data, half of it exact enough (10 cm) to allow conclusions to living conditions. Partially connected to app profiles with address and phone number.

[-] quoll@lemmy.sdf.org 18 points 1 day ago

maybe we could start to reduce the cost of electric cars by not overloading them with all the connected internet of shit crap?!?

i know the kids in china like to have karaoke machines in their cars... but i kinda just want bluetooth for my music and thats it.

[-] atrielienz@lemmy.world 1 points 20 hours ago

It doesn't cost them much of anything to include the modem (which is the main problem), and the data they receive is very valuable. I agree that less tech is good and all new cars (not just electric) are full of stuff I would prefer they came without. But the connected Internet shit also allows for software updates OTA. That's a double edged sword. Without it you'd have to take your vehicle to a dealer if it needed a necessary software update (for a recall for instance). But obviously, having it means they can do things to your car without you even necessarily knowing or understanding what is happening (risky, for multiple reasons, including removing features with a botched software update).

[-] MakingWork@lemmy.ca 65 points 1 day ago

Article says the following was breached:

Detailed location logs showing exactly where and when cars were parked.

Personal information of owners, such as names, email addresses, and phone numbers.

Insights into users’ routines, workplaces, leisure spots, and even sensitive visits, such as government offices, hospitals, and private establishments.

That is a lot of information about a person's life.

[-] Zorsith@lemmy.blahaj.zone 18 points 1 day ago

Aggregating information can increase its sensitivity level, government employees deal with this on a regular basis; why are they giving data breeches like this the kiddie gloves?

[-] sith@lemmy.zip 2 points 20 hours ago* (last edited 20 hours ago)

VW just don't understand software. The car computer in my Passat GTE 2020 is quite broken and they won't fix it even during an 1000 € "official" service. I basically have to hack/flash the computer myself if I want it to become fully functional. Not really what I want to do, considering how much money I've been pouring into this silver beast...

[-] Someonelol@lemmy.dbzer0.com 35 points 1 day ago

This won't persuade legislators to pass vehicle privacy laws one bit. Not until it personally affects them.

[-] taladar@sh.itjust.works 30 points 1 day ago

So what you are saying is that unless the next CEO assassin uses vehicle data to figure out where his target is it won't happen?

[-] Someonelol@lemmy.dbzer0.com 14 points 1 day ago

Well if you frame it like that you might get their attention sooner.

[-] cyborganism@lemmy.ca 43 points 1 day ago

Man... just stop putting complex computers that connect online, turning every fucking thing from your toaster to your whole house into an IoT. We don't need this.

I just want four wheels with a steering wheel and a couple of pedals to operate my electric car. Not a god damn glorified tablet on wheels.

[-] taladar@sh.itjust.works 41 points 1 day ago

As people have been saying for years, the S in IoT stands for security.

[-] cyborganism@lemmy.ca 9 points 1 day ago

πŸ˜‚ πŸ˜‚ πŸ˜‚ πŸ˜‚

[-] original_reader@lemm.ee 8 points 1 day ago

What happens if I disable the Internet connection of my car?

[-] atrielienz@lemmy.world 5 points 21 hours ago

Depends on the car and whether or not you can even get to that modem connection without tearing apart the interior. The main problem is if it's linked to the main computer (ECU), or similar. If it is, your vehicle may be undrivable. It's better to talk to the company who made your car and have them disable it. You may have to have a lawyer do so. If you're buying a new car it is certainly possible to disagree to those terms that would activate it. But apparently not possible to have them build the car without it (which I think is bogus as hell). There was a big article about this after an investigation by Mozilla more than a year ago. People on reddit (I know !) were pretty mad about it then and they were looking for solutions. The consensus was that some cars you can get to the modem, some cars you can't.

Also, you may not be able to receive necessary software updates (recalls etc) if you do disable it.

[-] MonkderVierte@lemmy.ml 2 points 22 hours ago* (last edited 21 hours ago)

You are not allowed to drive anymore; your car needs to be able to call emergency response. Is an EU rule.

Edit: called eCall, compulsory.

When eCall is activated, it connects to the nearest emergency response centre, using both a telephone and data link. This allows you and the passengers in the vehicle to communicate with the emergency centre operator and at the same time, a minimum set of data is automatically transmitted (your exact location, the time of the accident, your vehicle's identification number and direction of travel). This allows the emergency services to assess and manage your situation.

[-] Mr_Blott@feddit.uk 3 points 20 hours ago* (last edited 20 hours ago)

Your eCall system is only activated if your vehicle is involved in a serious accident. The rest of the time the system remains inactive. This means that when you are simply driving your vehicle, no tracking (registering your car's position or monitoring your driving) or transmission of data takes place.

When a call is made through your 112-based eCall system, your personal data is processed according to EU data protection rules. This means that the emergency services only receive the limited data they need to deal with the accident situation, your data is not stored for any longer than necessary, and is removed when no longer required. Read more about EU data protection and privacy rules.

Important bit emphasised

[-] MonkderVierte@lemmy.ml 1 points 17 hours ago

Yes, thanks. My question is more, if the vendor already has to add a sim card and data plan, are they forbidden from using it for other things?

[-] gloriousspearfish@feddit.dk 1 points 14 hours ago

They don't need a sim and days plan, if they only call 112.

[-] MonkderVierte@lemmy.ml 1 points 13 hours ago

using both a telephone and data link. […] a minimum set of data is automatically transmitted (your exact location, the time of the accident, your vehicle's identification number and direction of travel).

[-] Mr_Blott@feddit.uk 1 points 15 hours ago
[-] MonkderVierte@lemmy.ml 1 points 13 hours ago

Can't sue if nobody knows about it.

[-] InFerNo@lemmy.ml 2 points 22 hours ago

That sounds like it should be able to make a mobile call, not connect to the internet, but they probably require the latter.

[-] sudo42@lemmy.world 16 points 1 day ago

Cariad emphasized that the data involved was not sensitive personal information like passwords or payment details, and no vehicles or services were impacted. Only certain vehicle data from online-connected cars were affected.

The company said "no[t] sensitive personal information" was involved. Nothing to see here. Move along. /s

What they actually said was, "None of our personal information was exposed, so we're not concerned."

[-] BearOfaTime@lemm.ee 12 points 1 day ago

All together now:

I. Told. You. So.

[-] sunzu2@thebrainbin.org 1 points 1 day ago

Fuck the pedons harder, daddies

this post was submitted on 27 Dec 2024
216 points (99.1% liked)

Cybersecurity

5861 readers
125 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS