“Comparable to a huge bunch of keys lying under a much too small doormat.”
Linus Neumann, CCC spokesman
Users are warned that 800,000 owners of Volkswagen electric vehicles have had their personal information, including contact information and location data, compromised by the well-known carmaker Volkswagen. The German hacker collective Chaos Computer Club (CCC) made this discovery. Sensitive information saved on Amazon Cloud was made publicly available for months due to a configuration error in the systems of Cariad, VW’s software division.
How Was The Volkswagen Issue Overlooked
We learn about 41-year-old Nadja Weippert, who discovered this after downloading the Volkswagen app, from the researching team’s report. Her Volkswagen automobile reportedly started gathering and sending information to the manufacturer once she set up the app, including the precise GPS location of where she parked it each time she shut off the engine. This produced a set of data that can be readily utilised to construct a comprehensive profile of her everyday activities.
In addition to compromising the privacy of regular people, this hack also had an impact on well-known people like politicians, corporate executives, and police enforcement personnel.
The general public should not have access to any of this information. However, it was. For months, an Amazon cloud storage system held several gigabytes of data from about 800,000 Volkswagen electric automobiles that were mainly unsecured.
Vehicles made by VW, Seat, Audi, and Skoda in Germany, Europe, and other countries are impacted.
The names and contact information of the drivers, owners, or fleet managers may be connected to a large portion of the vehicle data. As was the case with the two politicians, inferences regarding the lifestyles of the drivers were made possible by the availability of precise position data for 460,000 automobiles.
Was VW Doing It Intentionally ?
“It cannot be that my data is stored unencrypted in the Amazon cloud and then not even adequately protected, I expect VW to stop this, collect less data overall and anonymize it in any case.”
Politician Weippert
Cariad, a VW company that was originally established to create a potential platform for all of the group’s electric vehicles with thousands of software developers, made a mistake last summer and failed to recognise it. This is the reason for the entire problem that occurred here.
Researchers say “It is a more than embarrassing glitch for the already struggling company. It is a disgrace. Especially in the area of software, where VW is already lagging behind the competition. Especially in the area of security of private data, which the Germans like to cite as a location advantage over the much more lax USA.”
For around half of those affected, including owners of the VW ID.3 and ID.4 models, the data is particularly detailed. It displays when the corresponding car was switched on and when and where exactly it was switched off. From this information, spies or criminals might create comprehensive movement profiles.
For example, the Cariad data made it possible for foreign intelligence services to determine whose vehicle is parked near Federal Intelligence Service facilities or is travelling to the US Air Force installation in Ramstein every day between 8 a.m. and 5 p.m.
