A whistleblower has uncovered a major security lapse involving over 800,000 electric vehicles (EVs) manufactured by the Volkswagen Group. The vehicles’ unencrypted location data was left exposed on Amazon’s cloud by Cariad, the automotive software company responsible for many of VW’s development tasks. The whistleblower alerted German publication Der Spiegel and the hacking collective Chaos Computer Club (CCC) about the misconfiguration.
The two groups then analyzed the data, tying individual cars to their owners and revealing sensitive information. According to Motor1, the exposed data allowed Der Spiegel and CCC to track the location of two German politicians with alarming precision.
Volkswagen’s exposed location vulnerability
One of these politicians, a member of the German Defense Committee, had his location data traced to his father’s retirement home and to military barracks. Cariad has since addressed the vulnerability, which also exposed data regarding the usage of Skodas, Audis, and Seats. The data set contained detailed information about VW ID.3 and ID.4 owners, including pinpoint location data for 460,000 vehicles.
Der Spiegel noted that this data could be used to paint a detailed picture of the owners’ lives and daily activities. Cariad attributed the security flaw to a “misconfiguration” and stated there is no evidence that anyone other than Der Spiegel and CCC accessed the unprotected data. This incident highlights the risks associated with connected cars and the importance of data security in the automotive industry.
Rashan is a seasoned technology journalist and visionary leader serving as the Editor-in-Chief of DevX.com, a leading online publication focused on software development, programming languages, and emerging technologies. With his deep expertise in the tech industry and her passion for empowering developers, Rashan has transformed DevX.com into a vibrant hub of knowledge and innovation. Reach out to Rashan at [email protected]
