[HN Gopher] VW breach exposes location of 800k electric vehicles
___________________________________________________________________
VW breach exposes location of 800k electric vehicles
Author : benwerner01
Score : 70 points
Date : 2024-12-27 18:03 UTC (4 hours ago)
(HTM) web link (cyberinsider.com)
(TXT) w3m dump (cyberinsider.com)
| mzs wrote:
| if you can read German:
|
| https://www.spiegel.de/netzwelt/web/volkswagen-konzern-daten...
|
| https://www.ccc.de/de/updates/2024/wir-wissen-wo-dein-auto-s...
| TheChaplain wrote:
| That could be a nail in the coffin to end VW, the EU GDPR is
| quite a sharp weapon.
| tencentshill wrote:
| I think even in the EU, VW group is "too big to fail".
| creshal wrote:
| Too big to fail and too much of it is state owned, either
| directly, or through government-owned retirement funds.
|
| The government will investigate itself and find no
| wrongdoings, let's go after the journalists who committed the
| ultimate crime: Embarrassing Officials.
| johnea wrote:
| Oh yea, that big gubmint is the one to blame!
|
| Never mind that it's a for-profit company that does the
| surveilling, and wrote the faulty IT structure.
|
| Neoliberal religion runs deep...
| gadflyinyoureye wrote:
| The EU will play favorites. There will be a slap on the wrist.
| Some probation. Maybe a CEO or high level C* person will step
| down in disgrace with only a few hundred million in severance.
| Then everything will go back to normal.
| rad_gruchalski wrote:
| The problem was caused by Cariad, not VW directly. Cariad will
| be held responsible, not VW.
| Reason077 wrote:
| CARIAD is a 100%-owned subsidiary of the Volkswagen group.
| 42lux wrote:
| It's their bad software bank.
| rad_gruchalski wrote:
| Sure. Good accounting and disaster prevention from VW. The
| matter of the discussion proves that the decision was
| correct.
| 7bit wrote:
| Yep, and this will be the end of CARIAD. Volkswagen has
| already decided to bleed them to death with the Rivian
| joint-venture. I guess they'll shut down the rest of the
| operation much, much faster now. This is the perfect reason
| for them to do so and what they have been waiting for.
| jwr wrote:
| The EU won't do much, because this is a car company. Car
| companies run the EU, basically, especially German ones.
| newsclues wrote:
| Not surprisingly as the EU grew out of post war coal and
| steel association
| dmitrygr wrote:
| Why is nobody talking about the fact that this should not be
| possible? There is precisely zero reason for them to have this
| location data. Give the CEO one year of jail per person whose
| location was illegally tracked.
| zer8k wrote:
| On the contrary it's relatively simple to understand how it got
| there trivially.
|
| Most modern cars, especially ones that fit into more "luxury"
| brands have an app. That app gives you telemetry and location
| data for a price. It's rather convenient to be able to pre-
| condition your car, or figure out where you parked in a massive
| unlabeled parking lot, etc. This is all consented to, but
| regardless the data is tracked anyway via some GPS/cell system
| modern cars have. When you pay for it you get more stuff -
| anti-theft, better tracking, service tracking, etc.
|
| It's a convenience. I'm not entirely comfortable with it but if
| you want a better-than-decent car made after 2016 you probably
| have it on-board and unless you rip the ECM out you're stuck
| with it. Personally, I'd rather pay BMW, for example, for anti-
| theft and tracking than pay OnStar or another service that is
| gonna stick me with a ridiculous contract and stuff my car with
| even more buttons.
| CatWChainsaw wrote:
| Eh, "consented to" is rather weak when you are forced to hit
| the "I agree" button to be able to drive the car you bought.
| That and forced arbitration need to die posthaste.
| rad_gruchalski wrote:
| I refuse to believe that it's not possible to drive the car
| without the app.
| CatWChainsaw wrote:
| And I'm skeptical that it is. Happy Friday.
| jimt1234 wrote:
| Back in the day, during the original Browser Wars, when
| the US Department Of Justice was trying to force
| Microsoft to detach Internet Explorer from Windows,
| Microsoft argued that it was impossible for Windows to
| operate without IE baked in. Well, it took a couple of
| "hackers" about a day to prove them wrong. I ran Windows
| XP without IE for years just fine. So yeah, cars can run
| without the app.
| rad_gruchalski wrote:
| Of course they can. It doesn't even make sense to
| consider that microsoft/ie matter.
| AlotOfReading wrote:
| The data is collected even if you don't use the app or
| hit agree. The manufacturer has your personal info
| attached to the car from the warranty info. They're
| required to collect it so they can send you recall
| notices.
|
| It's trivial to put a car in limp mode if the vehicle
| computers don't detect all the modules the manufacturer
| put there. It's slightly less trivial to detect missing
| antennas, but that tends to disable other features people
| enjoy like directions and data. Manufacturers simply
| don't care to cat-and-mouse this right now.
| rad_gruchalski wrote:
| > The data is collected even if you don't use the app or
| hit agree
|
| It's irrelevant. The matter of the discussion is "cannot
| drive a car without hitting I agree button".
| AlotOfReading wrote:
| The post you were responding to is specifically about the
| lack of consent, not whether the button is necessary.
| rad_gruchalski wrote:
| I don't think so. They even double down on the button:
| https://news.ycombinator.com/item?id=42525040.
| gsich wrote:
| There is no reason why this can't be E2E.
| behnamoh wrote:
| Can we somehow hack the car and disable this "feature"?
| betaby wrote:
| Most likely that's illegal in DE, FR and PL. See a related
| thread about trains at CCC.
| olddog2 wrote:
| Find the guys who usually park at expensive family homes, but
| occasionally visit a known brothel, then blackmail them.
|
| We all just let surveillance happen to us, in fact we paid for
| most of it.
| CatWChainsaw wrote:
| Ah, here's my daily reminder to treat my 2005 Honda like a
| princess and hope it never, _ever_ dies.
| 2OEH8eoCRo0 wrote:
| I plan to buy old used cars forever when I can no longer keep
| my 2013 Subie going.
| RajT88 wrote:
| Hey EU, maybe mandate an opt out for all vehicle telemetry?
|
| Then maybe the rest of the world will follow suit.
|
| I know, I know, I am kidding myself.
| hyhconito wrote:
| Opt in you mean, like the cookie banners?
|
| Oh no that'll never happen because VW are a European company
| and the money is in fining US tech companies!
| rad_gruchalski wrote:
| European companies get fined the same as any other companies.
| hyhconito wrote:
| Well within the constraints they set out which exclude a
| hell of a lot of European companies.
|
| (I am in Europe for reference, this is not an external
| perspective)
| 7bit wrote:
| What constraints? And which companies are excluded by
| them?
| adolph wrote:
| VW paid "$14.7 billion to settle civil charges in the United
| States" and was ordered "to pay a $2.8 billion criminal fine
| for 'rigging diesel-powered vehicles to cheat on government
| emissions tests'."
|
| https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal
| betaby wrote:
| "Seems low" and "cost of doing business" - paraphrasing any
| thread about US company. Could also say "VW should be sued
| out of existence".
|
| Also I genuinely think those fines were low.
| RajT88 wrote:
| The fact that it did not seem to stunt their growth
| speaks for itself:
|
| https://www.macrotrends.net/stocks/charts/VWAGY/volkswagen-a...
| rad_gruchalski wrote:
| The reason for all that telemetry is the legislation. How do
| you think they are going to implement the full "intelligent"
| speed assistant in 2027?
| wintermutestwin wrote:
| More like automated ticketing for speeding.
| mikedelfino wrote:
| I'd love to see that implemented, yes, but it would be even
| better if all cars' speed were automatically limited to the
| speed limit of each road.
| vel0city wrote:
| Knowing exactly which lane you're in and the actual speed
| limit of that particular lane can be tricky for an
| automated system, at least in any of the systems I've
| seen implemented.
|
| I've had cars with both automated speed limit sign
| readers, GPS+map databases, and more show me two
| different speed limits and neither one was actually
| correct for the lane I was in. This is a somewhat common
| occurrence on the highways around me.
| wcoenen wrote:
| That would risk unintended consequences. For example,
| suddenly slowing cars on the highway down to 30 kph
| because a small road with that speed limit runs right
| next to the highway.
| forgetfreeman wrote:
| This becomes a thing and I'll have a 25mph sign hanging
| off the back of my truck. I eagerly await starting a
| youtube channel of new cars losing their shit on jammed
| tailgating attempts.
| rad_gruchalski wrote:
| Or in Germany, if you live in the village, put up a 60
| sign by your driveway and when confronted just say
| someone is having their 60th birthday... Germans for
| whatever reason like putting up speed limit signs by
| their driveway when celebrating birthdays.
| rad_gruchalski wrote:
| As long as it's accurate. The current technical
| implementation is a joke. The car has no idea what the
| speed limit is.
|
| A few examples:
|
| 1) drive past the end of town sign in a particular German
| town, the car thinks it is 30kph, but only during the day
| because at night it doesn't see the sign so it thinks
| it's 50 where in reality it's a 100 until the next speed
| limit,
|
| 2) driving between a couple of roundabouts inside of a
| town in the Netherlands, the car thinks it's 30kph even
| though we stay within city limits and there's no sign so
| the speed limit remains 50kph,
|
| 3) this is the funniest one so far... driving in
| Antwerpen along the Turnhoutsebaan, there's a massive 30
| sign painted on a red painted road surface, the car
| insists that the speed limit is 50kph.
|
| Those are just three out of a dozen examples happening
| consistently within 30 square kilometres I normally
| remain within. And I drive this car for 2.5 weeks. I have
| seen the future and I don't like it. Number 2) happens
| routinely inside of the city limits after right or left
| turn. Car drops the speed limit to 30 just to realise a
| 100m down the road that it is 50.
|
| Apologies for the ad hominem, I normally stay away from
| such tone. I genuinely hope that such pseudo cops like
| you get a grip. Because it's my life you're talking about
| and I already use speed limiter routinely. Every idiot
| around me on the road has exactly the same choice as me:
| curb the ego down and slow down or behave like a douche.
|
| > but it would be even better if all cars' speed were
| automatically limited to the speed limit of each road
|
| Yeah, you just described the ISA of 2027. This is going
| to be a tough year for car manufacturers. I forecast a
| ton of unsold new cars remaining on parking lots because
| one has to be really technically illiterate to buy
| something so dangerous willingly. Either full self
| driving or give full control. Everything in between is a
| disaster waiting to happen.
|
| By the way, here's a funny thought. So what is going to
| happen when that mythical zero casualties is reached and
| more people will be dying on bicycles than in car
| accidents? An implant in the brain? Where does it stop?
| mikedelfino wrote:
| > So what is going to happen when that mythical zero
| casualties is reached and more people will be dying on
| bicycles than in car accidents?
|
| I don't think anything will need to happen at that point.
| We wouldn't need to tackle down the top causes of death
| if the numbers were low, as seems to be the case of
| bicycle deaths not caused by cars. And when it comes to
| speeding, it's already against the law, so the technology
| is only trying to help prevent it. But of course, my
| enthusiasm is tied to a future where this technology
| works reliably, so I don't really expect anything like it
| with all the problems you're describing with current
| models.
| rad_gruchalski wrote:
| The problem is that it doesn't matter what you think, or
| what I think. What matters is what the bureaucrat thinks
| in Brussels.
|
| It's also illegal to participate in the traffic drunk yet
| I routinely see drunk people riding bicycles and scooters
| in regular traffic, often ignoring traffic lights. I bet
| you a ton of those people do not even have a driver's
| license and/or understanding of traffic rules. Humans
| will be humans.
| leobg wrote:
| Dangerous as hell. Imagine there's a runaway truck behind
| you and you can't speed up to avoid or at least soften
| the collision because of some government enforced
| handicap.
|
| It would also give local governments a power they never
| had before: To directly control your behavior in the
| moment, with no judicial control or oversight.
|
| No, thank you.
| grecy wrote:
| There will always be contrived bogeyman edge cases to
| scare us from doing something.
|
| The only question that matters is would it result in
| fewer road deaths? I bet the answer is yes.
|
| In the US every single day 100 families are torn apart by
| a death on the road. I'm sure you don't want it to be
| yours.
| rad_gruchalski wrote:
| That's a "think of the children" type of an argument.
| Remind me: how many people die because of guns every day
| in the US? On a serious note, how many of those road
| accidents are caused by exceeding the speed by less than
| 10%? You see, there is a difference between speeding and
| reckless driving.
|
| Neither you nor me live in the US. They have other
| options to reduce those deaths. There's no reason to
| drive a 4 ton EV truck made out of stainless steel doing
| 0 to 60 mph in 3 seconds.
| magicalhippo wrote:
| It's opt-out on my Renault Megane e-Tech.
|
| It was a very clear prompt during initial setup, and it shows
| me a very unambiguous notification that it's enabled every time
| I start the car. If I click on that it takes me to the setting.
|
| edit: might even have been opt-in during initial setup, now
| that I think about it. I do recall it being a very deliberate
| thing during setup.
|
| Of course I'll have to trust that turning it off actually turns
| it off, no way for me to verify that.
|
| The reason I keep it on is because my SO is a bit absent minded
| to where she parks the car, and I value not having to run
| around in the streets trying to find it when I'm in a hurry
| over the potential privacy loss.
|
| edit: Renault was found[1][2] to be the "least problematic"
| with respect to privacy by Mozilla last year.
|
| [1]: https://foundation.mozilla.org/en/blog/privacy-nightmare-on-...
|
| [2]: https://news.ycombinator.com/item?id=37443644
| amluto wrote:
| Apple knows how to allow one to find one's devices without
| Apple knowing where they are. It's not that hard.
| likeabatterycar wrote:
| Ackhually, it is that hard, unless your method relies on
| millions of your devices out in the wild acting as sensors
| in a mesh network, as Apple does.
| amluto wrote:
| That's a _much_ harder problem than VW would need to
| solve. Also, Find My substantially predates the Find My
| network and AirTags.
|
| There are very straightforward solutions, depending on
| the threat model. For example, the app could send VW a
| private key every day, and VW would send that key to the
| car. Then the car sends periodic location reports,
| encrypted to that key. VW can, upon request, send the
| report to the app, which decrypts it. But VW can't
| decrypt the report itself, so they don't know the
| location of the car. Also, it's forward secure in the
| sense that a leak of VW's database is entirely useless
| after a day.
| magicalhippo wrote:
| This would require a key per app installation, my SO has
| the app installed too for example.
|
| It would also introduce a lot of additional failure
| modes.
|
| Doable but not exactly trivial.
| layer8 wrote:
| It would work exactly like how you can send an encrypted
| email to multiple recipients and each of them can decrypt
| it despite having different private keys. That part isn't
| rocket science.
| magicalhippo wrote:
| Indeed, it's making it work reliably and with zero
| friction given both apps and car will have variable
| internet access.
| amluto wrote:
| This is not hard. App login sets up a session with VW
| (which it surely already does), except the session needs
| a database entry and not just a JWT-like token. (Many
| auth frameworks do this anyway.) The database row needs
| to add a public key, and the server needs to send all the
| key changes to the car. And that's about it.
| magicalhippo wrote:
| Again, that's the easy part. The hard part is making it
| work reliably in the real world.
| layer8 wrote:
| You cannot establish a private channel between app and
| car if you don't already have either a pre-shared secret,
| or pre-shared trusted certification authority keys (such
| as to allow TLS-like tamper-resistant encrypted
| communication between app and car) that VW can't replace.
|
| Otherwise, if there is no pre-existing private channel,
| the key (which by the way would have to be the public
| key, not the private key) could be switched out by VW
| acting as a man-in-the-middle, allowing it to access all
| encrypted content going through it.
|
| The same is true for Apple. There are parts of the
| protocol or the pairing where you have to trust Apple,
| either their servers, or if the establishment happens
| locally via bluetooth or similar, their software that
| runs on the local devices.
| amluto wrote:
| This argument seems like a fairly extreme example of the
| perfect being the enemy of the good. Sure, it would
| require a more advanced system for VW to prevent
| themselves from silently compromising their own system to
| learn everyone's location. But the design I outlined will
| prevent a passive compromise of VW, and even possibly a
| court order, from learning everyone's location, and it
| prevents even an active and highly malicious compromise
| from learning past locations.
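Added example, not part of any comment in this thread: a sketch of the scheme discussed above, using layer8's correction that the app registers a public key, and wrapping each report for several app installations the way multi-recipient encrypted email does. Function names, device names and coordinates are constructed; the X25519 ladder follows RFC 7748 and the HMAC-based cipher is a standard-library stand-in for a vetted AEAD. It assumes the car receives the genuine public keys, so the key-substitution case layer8 raises is not covered.

```python
import hashlib, hmac, json, os

P = 2**255 - 19
BASE = (9).to_bytes(32, "little")  # X25519 base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant-time: illustration only."""
    s = int.from_bytes(k, "little")
    s = (s & ~7 & ((1 << 254) - 1)) | (1 << 254)  # clamp the scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3 = 1, 0, x1, 1
    for t in reversed(range(255)):
        bit = (s >> t) & 1
        if bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        da, cb, aa, bb = d * a % P, c * b % P, a * a % P, b * b % P
        e = (aa - bb) % P
        x3, z3 = pow(da + cb, 2, P), x1 * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
        if bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(key: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 keystream (every key here is used once)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], _mac(key, i.to_bytes(8, "big"))))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with separately derived keys."""
    ct = _xor(_mac(key, b"enc"), plaintext)
    return ct + _mac(_mac(key, b"mac"), ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), ct)):
        raise ValueError("authentication failed")
    return _xor(_mac(key, b"enc"), ct)

def car_report(location: dict, registry: dict) -> dict:
    """Car side: one encrypted body, its content key wrapped per app key."""
    content_key, eph = os.urandom(32), os.urandom(32)
    wrapped = {name: seal(x25519(eph, pub), content_key).hex()
               for name, pub in registry.items()}
    return {"eph_pub": x25519(eph, BASE).hex(), "wrapped": wrapped,
            "body": seal(content_key, json.dumps(location).encode()).hex()}

def app_open(report: dict, name: str, priv: bytes) -> dict:
    """App side: unwrap the content key with this installation's private key."""
    shared = x25519(priv, bytes.fromhex(report["eph_pub"]))
    content_key = unseal(shared, bytes.fromhex(report["wrapped"][name]))
    return json.loads(unseal(content_key, bytes.fromhex(report["body"])))

def demo():
    owner, partner = os.urandom(32), os.urandom(32)  # private keys stay in the apps
    registry = {"owner-phone": x25519(owner, BASE),  # public keys relayed to the car
                "partner-phone": x25519(partner, BASE)}
    location = {"lat": 52.0, "lon": 10.0, "ts": "2024-01-01T00:00:00Z"}  # constructed
    stored = json.dumps(car_report(location, registry))  # all the backend ever holds
    report = json.loads(stored)
    results = [app_open(report, "owner-phone", owner),
               app_open(report, "partner-phone", partner)]
    try:  # a reader of the stored row without an app private key
        app_open(report, "owner-phone", os.urandom(32))
        opened = True
    except ValueError:
        opened = False
    return results, opened, stored
```
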
| likeabatterycar wrote:
| The opt-out should be pulling the telematics fuse. Unless you
| can audit the source code, you can't, and shouldn't, trust
| the software.
| layer8 wrote:
| That might be impossible with mandatory eCall:
| https://en.wikipedia.org/wiki/ECall
| moffkalast wrote:
| Nah, make it illegal to collect any kind of identifiable data
| in the first place.
| merb wrote:
| VW do use opt-in. In fact it is so annoying that you get asked
| every time when you start your car. So basically every time
| your car starts it says "do you want to use the profile
| connected with the vw service" if you do not accept it then the
| car will be in a dumb mode. One of my coworkers was annoyed by
| it and "reset" the car to use a non connected profile which
| does not do that.
|
| I'm an owner of an id.4 (or rather a user of it, since my company
| owns it)
| switch007 wrote:
| Reminds me of cookie banners. Annoy you into submission
|
| (I know the EU doesn't mandate annoying cookie banners but
| unintended consequences etc)
| jsiepkes wrote:
| If it is so bad there is actually a whistleblower then how do they
| pass their ISO27001 audits? Bit too friendly with TUV Nord?
|
| https://cariad.technology/content/dam/digitalmindofmobility/...
|
| EDIT: Just noticed this is an ISO9001 certificate. Though on
| their job offer site they do ask for "Foundational understanding
| of security related regulations and standards preferred (e.g.
| ISO21434, ISO27001, NIST-800)". Unclear if they are actually ISO
| 27001. Found the 9001 one by fluke, they don't seem to list that
| one on their site either.
| tuwtuwtuwtuw wrote:
| The fact that you have passed audits isn't a guarantee (or even
| an indication) that you don't have major security
| vulnerabilities.
| starbugs wrote:
| > The fact that you have passed audits isn't a guarantee (or
| even an indication) that you don't have major security
| vulnerabilities.
|
| Please explain that to my IT department.
| rf15 wrote:
| TUV certification has always been more about certification
| theater and being able to verify that you don't have
| _egregious_ amounts of negligence than certifying that you are
| doing your work well.
|
| edit: I've never prepared for our audits and we always get our
| certification, no matter what they find as long as you say
| "yes, we are aware"
| gsich wrote:
| 27001 does not specify implementation details.
| jwr wrote:
| I so hope this will start an avalanche and car companies will not
| be able to get away with collecting so much data about users
| (cars, but that's pretty close).
|
| Especially in the EU, the hypocrisy is jarring: on one hand,
| GDPR, protecting users from surveillance by businesses, etc, and
| on the other hand, car companies get a free pass, because they
| are car companies, and the EU likes car companies.
| __fst__ wrote:
| EVs are topping the list of (imho) useless extras in cars. I'm
| still cherishing my Honda Fit pre-touchscreen edition. I'm going
| to drive it until it will fall apart. My next car will be an EV
| but I have yet to find one that still comes with mechanical
| features (door handles, knobs/buttons), without a whole battery
| of surveillance/telemetry tech and (crossing fingers) exchangable
| batteries. Simple electric propulsion ...
| behnamoh wrote:
| I hate touchscreen buttons too and unfortunately all EVs I've
| seen have adopted that. I wonder if there are EVs with good old
| fashioned mechanical buttons.
| natch wrote:
| Many EVs have a sensible amount of buttons, and you generally
| don't need the touchscreen for driving or much else for that
| matter.
|
| I can even keep driving while the whole system is rebooting.
| Around here (where we have many immigrants and some odd
| practices) I've seen people with a towel hanging over their
| screen while driving, to protect it like a dust cover I
| guess.
|
| The one thing you might argue I do need from my screen is the
| speed, which is very easy to see and usually not needed in
| the flow of traffic.
|
| The outcry against screens is just misinformed imho. My car
| has plenty of mechanical buttons.
| behnamoh wrote:
| What model is your car?
| johnea wrote:
| I just bought a used 2023 Nissan Leaf.
|
| Fully EV, real buttons and knobs, and of course the model is
| cancelled.
|
| The original tracking was 2G cellular, later updated to 3G
| cellular. 2G is long deprecated, and 3G is already shut down in
| many places.
|
| This is a great car! Which explains why it's no longer
| available. It doesn't meet modern american needs, like being at
| least as large as a small building, or having 0 visibility over
| the hood, or costing at least $75K. (p.s. I paid $15K for mine,
| with 18K miles on the odometer and 150 miles of battery range)
|
| But if you're into retro, like buttons and knobs, I highly
| recommend it...
|
| p.s. I have to wonder if the data breach doesn't affect ICE
| cars as well? Would they use a separate surveillance system?
| geor9e wrote:
| Just to be clear, this breach mostly affects non-EV cars. Even
| my stick shift, manual window crank car came with a hidden
| cellular data modem, collecting my GPS location by default.
| natch wrote:
| One person's useless extra is another person's collision
| avoidance system, AC, music system... I like extras when they
| make sense.
| forgetfreeman wrote:
| Why the sideways fuck did they even have location data to begin
| with? It's like the checklist for buying a new car starts with
| figuring out what circuit drives the cell modem and pop that fuse
| out before taking a test drive to confirm it doesn't brick
| anything critical. Fucking ridiculous.
| ImJamal wrote:
| Most new cars have features that require it such as onboard
| GPS, speed limits on the dash, OnStar and similar features.
| forgetfreeman wrote:
| All bullshit my car shouldn't do in the first place.
| tzs wrote:
| Those are mostly things that require _the car_ to know its
| location. They don't require that the car share the location
| with the car's maker except possibly sharing what region the
| car is in.
|
| The region sharing might be needed to efficiently update
| things like the map and the speed limits.
| thebruce87m wrote:
| I wonder if they were all petrol vehicles, or all diesel if that
| would be so prominent in the headline. The drive train has
| nothing to do with an unsecured s3 bucket, and if you think that
| electric vehicles are the only "connected" cars in 2024, you're
| in for a shock.
| a3w wrote:
| Best of from 38th CCC: every three letter secret service of the
| country seems to be spied out by this. And a secret VW testing
| facility in Sweden was uncovered.
|
| Also, affects mostly EVs, but not only. (If the EV motor was the
| group usually logged to the opened AWS bucket, I don't understand
| how there were ICE or possibly hybrid cars involved in the leak.)
|
| https://streaming.media.ccc.de/38c3/ had a German language video
| on it, live, but will surely add English translation and
| permanent video link soon.
___________________________________________________________________
(page generated 2024-12-27 23:01 UTC)