Brussels is ‘behind the curve’ as Chinese spy-EVs become commonplace
-
It is pretty much true for all modern cars.
Yes, but not all modern cars are made in countries with a dictatorial government seeking to spread their system across the globe. As others already wrote, the data collected by cars must be enforced in some sort of GDPR, but I doubt that governments like China's are even willing to comply.
-
Yes, but not all modern cars are made in countries with a dictatorial government seeking to spread their system across the globe. As others already wrote, the data collected by cars must be enforced in some sort of GDPR, but I doubt that governments like China's are even willing to comply.
Like the US?
-
All EV vehicles are spying. Teslas are rolling cameras with central cloud storage and Volkswagen was busted recently for leaking all locations of their cars. We shouldn't label that as "Chinese spy-EVs", but should enforce the GDPR for all cars
At this point, all Vehicles are spying. It's not exclusive for EVs. Anything built in the last ~15-20 years have exactly the same sensors, regardless of the engine technology.
-
Like the US?
There is more than one dictatorship in the world unfortunately, but I guess you understand which country I referred to in this specific case.
-
There is more than one dictatorship in the world unfortunately, but I guess you understand which country I referred to in this specific case.
Yeah, I just don't agree it's the biggest problem in the world currently.
-
Yeah, I just don't agree it's the biggest problem in the world currently.
It is certainly a very big problem that needs to be addressed, otherwise it could soon be the biggest problem in the world.
-
It is certainly a very big problem that needs to be addressed, otherwise it could soon be the biggest problem in the world.
-
All EV vehicles are spying. Teslas are rolling cameras with central cloud storage and Volkswagen was busted recently for leaking all locations of their cars. We shouldn't label that as "Chinese spy-EVs", but should enforce the GDPR for all cars
This is a horrible take. VW are diligent in following GDPR and as an owner (yes, I am) you are constantly asked for exactly which permissions you want to give what service.
They had a misconfigured S3 instance. While bad, that's not intentional - but you're comparing it to "At Tesla we wank to your in-car video feed" and "BYD spies for the Chinese government" which is just a whole different thing.
-
All EV vehicles are spying. Teslas are rolling cameras with central cloud storage and Volkswagen was busted recently for leaking all locations of their cars. We shouldn't label that as "Chinese spy-EVs", but should enforce the GDPR for all cars
Automotive Grade Linux project is going to become way more important in time
-
This is a horrible take. VW are diligent in following GDPR and as an owner (yes, I am) you are constantly asked for exactly which permissions you want to give what service.
They had a misconfigured S3 instance. While bad, that's not intentional - but you're comparing it to "At Tesla we wank to your in-car video feed" and "BYD spies for the Chinese government" which is just a whole different thing.
Misconfigured to the point that all the data was collected, centrally stored and then accessible from the outside. These are at least two misconfiguration and one mayor architecture issue (central storage).
-
Automotive Grade Linux project is going to become way more important in time
Software is like encryption. you can't trust it if it's not auditable.
-
Misconfigured to the point that all the data was collected, centrally stored and then accessible from the outside. These are at least two misconfiguration and one mayor architecture issue (central storage).
I think your view on what happened is based on media headlines rather than the actual technical facts.
https://soundofdevelopment.substack.com/p/volkswagen-data-leak-location-tracking
-
This is a horrible take. VW are diligent in following GDPR and as an owner (yes, I am) you are constantly asked for exactly which permissions you want to give what service.
"I'd like the variant without a SIM card please."
-
I think your view on what happened is based on media headlines rather than the actual technical facts.
https://soundofdevelopment.substack.com/p/volkswagen-data-leak-location-tracking
Since Spring Boot version 1.5 is over 7 years old, that's unlikely to be the cause. Instead, someone must have explicitly enabled the heap dump endpoint in production without authentication.
That is the major configuration problem that got the data accesible
Let's recap. We now have user profiles showing which cars people drive and tracking data that sometimes spans years. While this data collection is covered in the terms and conditions for product improvement analysis, Volkswagen says they track this data to understand battery lifecycles better. Still, the need for location data remains unclear. The terms and conditions state that GPS data is truncated, which would significantly reduce tracking capabilities if accuracy drops to around 10 kilometers. Audi and Škoda implemented this correctly—cars from their fleet had location data truncated to approximately 10-kilometer accuracy. However, the problem arose with VW and Seat vehicles, where location data remained precise down to 10 centimeters.
That is the first configuration problem, to collect this data in the first place and then to collect it down to this level of precision.
This remains with the major architectural problem.
They could access complete user profiles and location data by combining this data. The breach revealed:
Enrollment data for both electric and non-electric vehicles, including details like VIN, model, year, and user ID
User data, including name, email, phone, and in some cases, physical addresses and preferred dealerships
EV data: Mileage, battery temperature, battery status, charging status, and even warning light data
Tracking data only for electric cars: GPS coordinates of the vehicles’ locations recorded every time the engine was turned off
All this data is stored in one place. Leaving aside the discussion of whether this data should be collected in the first place, there would be a strong reason to separate the data supposedly collected for technical analysis from the data that identifies who owns the car. Of course in the case of location data down to 10cm accuracy that is a bit moot as you can get the home address easily from the location data.
Please let me know if there was something i missed regarding my assessment of two configuration problems and one architectural problem.
-
It literally says why up in the blurb. Do you want it to be normal for any state to have covert access to security cameras you own?
If I had to own a car right now I would be extremely annoyed. Seemingly every major production car right now is a data nightmare.
I think calling it fear mongering against EVs is right in the sense that it's not exclusive to EVs. All cars have cameras, microphones and sensors these days and are connected, so legislation should deal with that properly.
-
I think calling it fear mongering against EVs is right in the sense that it's not exclusive to EVs. All cars have cameras, microphones and sensors these days and are connected, so legislation should deal with that properly.
We agree on that
-
It is certainly a very big problem that needs to be addressed, otherwise it could soon be the biggest problem in the world.
What do you propose?
-
This is a horrible take. VW are diligent in following GDPR and as an owner (yes, I am) you are constantly asked for exactly which permissions you want to give what service.
"I'd like the variant without a SIM card please."
That's against EU regulation, as new cars must include an SOS assistance button.
-
That's against EU regulation, as new cars must include an SOS assistance button.
That’s against EU regulation, as new cars must include an SOS assistance button. (Granted, many car manufacturers hide multiple SIM cards in their vehicles now. Or they use the existing SIM card for navigation, music, analytics, GBs of software updates … and emergency assistance.)
Fair, that's technically a SIM, but as you yourself noted, it's not the one used by the manufacturer.
Maybe I should phrase it another way:
"Dear manufacturer, I'd like my business relationship with you to end after the purchase of this car. I will contact you if I need anything else, be it navigation, music, analytics, or updates. You will not contact me." -
This is a horrible take. VW are diligent in following GDPR and as an owner (yes, I am) you are constantly asked for exactly which permissions you want to give what service.
"I'd like the variant without a SIM card please."
Don't buy features you don't want.
