Connected cars are great—at least until some company leaves unencrypted location data on the Internet for anyone to find. That’s what happened with over 800,000 EVs manufactured by the Volkswagen Group, after Cariad, an automative software company that handles much of the development tasks for VW, left several terabytes of data unprotected on Amazon’s cloud.
According to Motor1, a whistleblower gave German publication Der Spiegel and hacking collective Chaos Computer Club a heads-up about the misconfiguration. Der Spiegel and CCC then spent some time sifting through the data, with which allowed them to tie individual cars to their owners.
“The security hole allowed the publication to track the location of two German politicians with alarming precision, with the data placing a member of the German Defense Committee at his father’s retirement home and at the country’s military barracks,” wrote Motor1.
Source : https://arstechnica.com/cars/2024/12/whistleblower-finds-unencrypted-location-data-for-800000-vw-evs/
