Skip to main content

Unprotected VW Data Exposed Locations Of 800,000 EVs

There’s no indication anyone nefarious accessed the information before VW software provider Cariad patched the vulnerability.

Volkswagen ID.BUZZ front blue
Anthony Alaniz Anthony Alaniz
By: Anthony Alaniz
at 1:24pm ET
Share
Comment

A security oversight by software company Cariad left the location data of 800,000 VW Group electric cars in Europe exposed on the open internet for several months, a new report claims. A whistleblower informed Spiegel, a German news outlet, and a European hacker association of the vulnerability, which linked the information with other personal details such as an owner’s name.

The security hole allowed the publication to track the location of two German politicians with alarming precision, with the data placing a member of the German Defense Committee at his father’s retirement home and at the country’s military barracks. Spiegel also profiled a mayor, with her car collecting her movements from the town hall where she worked to her physical therapist. It found data for cars from Volkswagen, Audi, SEAT, and Skoda, alongside incredibly detailed data bout VW ID.3 and ID.4 owners. 

The publication said it found several terabytes of data accessible on Amazon cloud storage, including the precise location of 460,000 vehicles that could allow it to draw conclusions about the lives of those who own the vehicles. It found information about the Hamburg police department’s 35 electric cars in its fleet, other politicians, business leaders, employees of the Federal Intelligent Services, and drivers to the United States Air Force’s Ramstein Air Base.

The hacker group, the Chaos Computer Club, informed Cariad about the vulnerability, which quickly patched the issue. Cariad told Spiegel that the vulnerability was a “misconfiguration” and that the company doesn’t merge data that would allow someone to create a profile about a person. According to the company, the researchers had to combine different data sets by “bypassing several security mechanisms.” It also said it's unaware of anyone accessing the data other than CCC.  

Security Matters:

Automakers Are "Terrible" When It Comes to Personal Data And Privacy: Study
Automakers Sold Your Data for Pennies [Update]
Get the best news, reviews, columns, and more delivered straight to your inbox, daily.
For more info, read our Privacy Policy & Terms of Use.

Sources: Spiegel, Chaos Computer Club

Share this Story
GO TO COMMENTS
(
)
Got a tip for us? Email: tips@motor1.com

RECOMMENDED FOR YOU

GM Must Pay Millions For Selling Your Data  

Finally: A Fast & Furious TV Show Is Happening

BMW's New Ignition Tech Could Extend The Life Of M Performance Engines. Here's How

The Last BMW Z4 Has Been Built

GM Super Cruise Just Reached A Major Milestone: 1 Billion Miles

Delivery Driver Goes Across Town To Deliver Burger King. Then The Customer Cancels Order When He’s At The Door: ‘I Delivered It’

Hyundai Is Already Testing Its Next High-Performance Engine