71 comments

[ 4.8 ms ] story [ 139 ms ] thread
TDLR: The data was held by VW subsidiary Cariad. The location data was available for Volkswagen 460,000 vehicles in Amazon cloud. It was 300.000 cars in Germany, 80,000 in Norway, 70,000 in Sweden, 60,000 in the UK, 61,000 in the Netherlands, 50000 in France, etc
And contrary to the privacy notice, gps data was not truncated.
(comment deleted)
I guess the product owner is still bumping that story card to the next sprint every fortnight.
Well, for some brands they truncated the GPS info. There is some likeliness that they misconfigured a branch of their software by mistake and a fix is to set the flag they already got (and then ensuring to keep the flag right on a permanent base ...)
If it is something required ny law it doesn't need a flag. Just remove the condition altogether.
Technically they were truncated to 6 decimal digits, giving a 10cm location precision... ;)
Was it in an S3 bucket?
Some articles says: "the data was accessible due to it being left on an unprotected and misconfigured Amazon cloud storage service." [1]

I'm not sure what Caraid does, but I continue to be surprised by the complete lack of security awareness from car makers. Why do they even need this data? If it's a safety feature, then sure, ping a remote endpoint every 60 second with your current location, but don't store it anything but the last ten minutes and delete everything after a week.

The automotive industry has such a shitty track record with software that it baffles the mind that they haven't improved or simply decided that it's not worth the risk. One quote stands out to me as particularly egregious: "Cariad responded to Spiegel saying that no sensitive data was exposed, adding that customers don’t need to take any action, as no sensitive information like passwords or payment data is affected."[2] That tells me that Cariad doesn't understand security or privacy AT ALL. Having someone know you location can be much more damaging/dangerous that losing your payment information. The difference is that passwords and credit cards is financial damage, which companies apparently understand, but location is people getting stalked or killed, once the first companies have been held financially reliable for providing location info to a killer, then perhaps something will improve. As long as losing your ability to accept a VISA card is more important than your customers physical safety nothing will change.

1) https://www.techspot.com/news/106155-volkswagen-data-leak-ex...

2) https://electrek.co/2024/12/30/massive-data-leak-at-volkswag...

>Why do they even need this data?

They sell it of course.

> Why do they even need this data?

The stated reasoning is that the want to track battery performance to optimize it, thus they need to see in what environment (weather and terrain) the vehicle is used to make sense of the data.

The second reason is that they offer "fleet management" for company cars, so that a dispatcher for some company can see which car is where and which to send to a customer.

Of course location data is valuable in many other ways as well ...

GPS car data was used to find a crossbow killer in the UK few years ago.

The killer torched the car but the car had already uploaded GPS and black box data.

https://www.bbc.co.uk/news/uk-wales-65985341

I recommend the referenced podcast there, the whole story is crazy.

To avoid such tracking would have been enough use a gps scrambler? Or maybe wrap the in-car GPS with tinfoil?
I don't know much about car tracking specifically, but I really doubt they have anything more than a simple GPS module. If you disable that, you lose fine-grained tracking. You'd still have the phone company triangulating your radio's location, which is lower-resolution, but you may want to disable that as well.

Really, disabling the radio entirely would be your best bet.

Could be tough. I imagine the bus connections between the gps, radio, and systems needed for the car to operate are often intertwined. Might be easier to find and cut the antenna leads.
Yep, that's one way to disable the radio!
Seems like the best option is to escape by bicycle.
But don't visit McDonalds in the following days
(comment deleted)
Wasn't it a CitiLink/rent-a-bike type of bikes, which have GPS modules on them?
> On X, some users tried to chase leads on Citi Bike - New York's bicycle rental system - for clues. One user posted details about a bike that seemed to have been the only one that left the area shortly after the shooting and headed toward Central Park. Police later told media outlets they believe that the killer likely used an unmarked e-bike, not a Citi Bike.

https://www.reuters.com/world/us/internet-sleuths-hunt-clues...

A car is not like a computer but a rack full with cables running across. To disable telemetry, the telematics module needs to be located and removed.

That touchscreen in the center of dashboard is just a self contained smoke and mirrors for occupant distraction. It does influence purchase decisions for a lot of people, but architecturally it's nearly purely decorative(especially in "legacy big auto" cars).

I am guessing but I suspect there is an "easily accessible" SIM slot somewhere. Might be somewhere convenient like behind a panel in the glovebox, or might be in the bowels of the engine bay along with the other ECU things.

I would be surprised if it was not "easily" removable though ... Unless they are using esims now?

(Nothing in modern cars is "easy" to do - everything is a bitch to access and tighten/untighten etc - even oil filters etc which in theory should be able to be changed regularly are sometimes in incredibly inaccessible locations)

The SIM card in my 2015 Tesla S is definitely not quickly accessible but it is fairly straightforward. Tesla's mobile service technician took close to 20 minutes to remove various bits of trim under the bonnet, replace the SIM card, put everything back together, and check that it worked.
In the Anglesea crossbow case, there were only 17 people on the island who'd brought crossbows. So presumably the police were going through his digital footprint with a fine toothed comb.

If you're one of 17 suspects; a car only you have the keys to gets stolen and burned on the night of the murder, with the car's GPS mysteriously failing during the theft; your Amazon purchase history shows you ordering a crossbow, the type of bolt used in the murder and a GPS jammer; the crossbow bolts you ordered have disappeared; your alibi is you were with someone who denies having been with you; and the phone network says your phone was in the area the murder happened?

You're probably still going to jail.

That was not the question, I'm only interested in the possibilities to avoid gps tracking not any other mistakes the killer might have done.
Just pull the fuse on the infotainment systems. Disconnect the antennas and pull the Sim card.

GPS jammers are (AFAIK) quite illegal in most places and buying one will attract much more attention than modifying your car in your garage.

While I fully support the privacy measures, I'd like to add a couple of caveats:

1) current cars have eSIMs embedded in the modules, no way to remove them.

2) assuming you can disable the (e)SIM, you also disable the eCall system. Although BMWs allow you to upload your own eSIM, I'm not sure which one is used for eCall / other services.

3) Disabling the MMI these days is fraught with peril, as they run the driver's display (speed, rpm etc) as well.

Buy a 2005 Honda Civic and avoid the tracking issue entirely
That level of telemetry-upload used to be easy enough to disable as there was a physical SIM card (usually in the glovebox); without that there was no remote connection. But I suspect it's a lot harder now, thanks to eSIMs etc.
In fleet management, the automotive is well ahead of physical sim cards.
I'd really like a wiki on how you can disable the remote crap on each model of car. Maybe I should start one, though I don't really know how to disable anything.
I'm so sick of everyone frivolously requiring mobile phone number and email address and there doesn't seem to exist much resistance from general user base.
Emails are fine, as they can be anonymous as long as you don't use one of the larger providers.

Phone numbers, not so much. They are in many countries tied to people's real IDs because something about stopping organized crime.

That’s basically the point though. Websites ask for your phone number because it’s the easiest way to limit abuse. Eventually everyone has a phone number, and very few have ways to create multiple.
> Eventually everyone has a phone number, and very few have ways to create multiple.

I agree that having a phone number often comes with a paper trail in many jurisdiction, but surely it's not common to make it hard to have multiple such numbers?

It's not unusual for someone to have a home landline phone, a personal cell phone, a work landline, and a work cell phone.

In fact it's so common that people in the snooping business already know ways to correlate them.

It's not hard to have multiple, but it's hard to have on-demand throwaway ones.
> the easiest way to limit abuse

It's also an almost perfect way to limit use (excluding the right people).

> Emails are fine, as they can be anonymous as long as you don't use one of the larger providers

I’ve always struggled with this.

If you use a large provider for your email, the provider can likely de-anonymize you, but the person you give your email address to will struggle.

If you use your own domain, you’ve de-anonymized yourself already.

So I guess you have to use a smaller provider like protonmail? Which gets messy once you start wanting to have lots of email addresses, or to use subaddressing of some sort?

It's those smaller providers I was hinting at. But that's true, some of them do not like us creating multiple accounts (like Protonmail), but others don't mind.

I think using a reliable smaller provider of the latter variaty and donating money to them would make a nice synergy.

Privacy doesn't exist in this 21st century.
Or put better, people need to adapt to the notion that most movement in public spaces is observed by a multitude of networked devices; most of which are not under your control.

Most cars have some sort of mobile connectivity, contain at least one passenger with an active mobile phone (also GPS equipped). Cars are probably one of the more easy to track and monitor things in public spaces.

And of course, many cars on the road are also equipped with cameras that are perfectly capable of capturing things like license plates of cars around them, which are of course designed to keep track of cars. Not to mention countless cameras monitoring traffic, speed limits, etc.

Most privacy protection is going to have to come from laws and legislation on how to access and use tracking data. That does still exist. But it's under a lot of pressure. There's so much tech out there that avoiding being tracked is only getting harder. Tin foil hats are not quite good enough at this point.

Also every device has a microphone now. Many even constantly listen, ostensibly for a "Hey Google" or whatever.
> Or put better, people need to adapt to the notion that most movement > in public spaces is observed by a multitude of networked devices

s/adapt to the notion/actively resist the fact/

there, fixed that for you.

Personal resistence and local and wider-level political organization to resist mass surveillance.

> people need to adapt

Are you eliciting or was that just a bad choice of words?

In many languages, "if you (A) adapt to something (B)", A changes (and possibly largely tolerates) and B does not. "If you (A) adapt something (B)", B changes after your action, A does not.

I suspect GP is being downvoted because of their choise of words. As someone who also doesn't speak English as a first language I think "people need to adapt" can also be understood in a positive manner. GP seems to suggest we need laws and legislation to fix this issue, and that would lead me to assume that they mean it in the same sense as "resist". In my language I think the literal translation of how we would prhase it might also be "adapt".
Is this another instance of "my external contractors need access my data but I cannot ask them to install an authenticator app on their BYOD mobiles"... Nor manage proper authentication for my randomly built BI suite?
Short answer: no.

Slightly longer answer: watch the recording, it’s very worthwhile.

Rmeinds me of these two tweets by Elon Musk on the Cybertruck explosion at a Trump hotel:

https://x.com/elonmusk/status/1874579547452269054

We have now confirmed that the explosion was caused by very large fireworks and/or a bomb carried in the bed of the rented Cybertruck and is unrelated to the vehicle itself.

All vehicle telemetry was positive at the time of the explosion.

https://x.com/elonmusk/status/1874558969802547611

The whole Tesla senior team is investigating this matter right now.

Will post more information as soon as we learn anything.

We’ve never seen anything like this.

---

It is obvious that car companies have a lot of access to the modern "highly connected" cars they are making. And perhaps also more than what they say officially and are sharing with authorities under normal circumstances.

I like the wording here:

>rented Cybertruck and is unrelated to the vehicle itself.

Because as we know Teslas and Cybertrucks don't randomly self-ignite https://www.autoevolution.com/news/the-third-documented-tesl...

I thought the line: "All vehicle telemetry was positive at the time of the explosion." was more telling.
Is this a technical term or just bla bla?
It's quite generic, because his target audience is what it is, but the sentence means the CT metrics were ok and no fault was visible in state reported to the engineers.
It also hints at realtime communications and extensive logs between the car and teslas servers.
>a lot of access to the modern "highly connected" cars they are making

The systems for this are super complex, we (software engineers) build absolutely huge and complex systems for everything. Lots of functionality is often forgotten and just lives as an old website IE6-compatible somewhere. And honestly, we have no idea what's there, but millions of SEs over the last 30 years had to build lots of thing, right?

One such example that always interests me was 2013 - when PM of Cyprus decided to claim 10% of money on every bank account people had. https://www.irishexaminer.com/world/arid-30588134.html

Consider that that functionality had to be somewhere centralised with a standardised API, available to the PR and his team, supported by every bank in Cyprus and regularly tested. Your PM must also have such tools available, and more. Knowledge about such tools must be protected and available to only a handful of people.

It's scary how surveillant car companies now. Next thing you know, the companies will track what you do in your car.
Was this rhetoric?!

Are you aware of the Mozilla Foundation report on Privacy and Cars, https://foundation.mozilla.org/en/privacynotincluded/article... - "we reserve the right to profile your sexual activities", "you are responsible for informing your passengers that by entering your car they renounce to privacy"?

Are you aware of the news about Tesla employees exchanging recordings of car owners - https://www.reuters.com/technology/tesla-workers-shared-sens... , https://www.theverge.com/2023/4/6/23672760/tesla-employees-s... , https://arstechnica.com/tech-policy/2023/04/tesla-workers-sh... ? (Title on ArsTechica: "Tesla workers shared images from car cameras, including “scenes of intimacy”")

[flagged]
Try using old cars in territories where it is forbidden. In some areas, if you want to use old cars you have to renounce to entering even small cities and the villages surrounding big cities.
That's the thing about a '69 VW beetle, or a '32 Ford, or any other "classic" car. The cops will mostly leave you alone regardless of the law because you don't fit the profile of people they want to apply threat of state violence to.

Now, if you were driving something from the 90s the cops would be all over you because you'd get profiled as exactly the sort of white trash that the police's stakeholders want to see lots of jackboot applied to.

That said, even in the "classic" car you're accepting the risk that any given cop can choose to screw you on a whim and the more you expose yourself to such risks the odds of getting unlucky just keep going up.

(comment deleted)