Massive VW Group flaw left 800,000 owners' data publicly accessible since the summer

In our increasingly connected world, data leaks are almost a part of daily life. It’s an unfortunate reality, but likely one we’ll have to get used to.

The latest round of sensitive information leaks comes from Volkswagen. German news outlet Spiegel reported this week that the personal data and location of over 800,000 customers, including high-ranking German figures, have been freely accessible since this summer.

The culprit was the VW car app developed by the company’s subsidiary Cariad, which stored customer charging data on the Amazon cloud. Poor security standards left that data unencrypted and easy for anyone to access, regardless of technical know-how. One file even contained login credentials to the company’s Amazon cloud account that stored owner emails, home addresses, and even phone numbers.

VW vehicles weren’t the only ones affected by this

The leak extended to other Volkswagen Group brands as well, including Audi, Seat, and Skoda. For VW and Seat models, the location geodata was accurate to within 10 cm (4 inches) of a vehicle’s location. For Audi and Skoda vehicles, it was coarser, accurate to within a 10-km range (~6 miles).

Such precise vehicle location data can lead to a whole slew of dangers, from stalking to potential murder if someone has a big enough grudge against any of the victims. Remember that some of those affected were German political figures.

A German hacker group pushed VW and Cariad to fix their mistake

The exposure came to light only when an anonymous whistleblower used freely accessible software to find the information and alerted the Chaos Computer Club (CCC), Europe’s largest hacker association.

The hacker group in turn contacted Lower Saxony’s State Data Protection Officer, the Federal Ministry of the Interior, and other security bodies. Cariad thankfully fixed the issue in no time, but it was a little late on the uptake.

Final thoughts

There is an argument to be made here that despite all of the reportedly good intentions of such location tracking, there will always be loopholes. Cars, software, and the world around us are getting more and more complex with each passing day, and hackers are damn clever. Try as you might, if somebody wants your data, they will find a way.

We should be able to entirely opt out of having our cars tracked, whether by the manufacturer or anyone else. Opting out of data collection on the internet has been available for a while, and it’s time it made its way to cars. Even then, though, can you really trust that corporations are truly listening to your requests?
