Cariad, a subsidiary of Volkswagen Group responsible for software, reportedly left location data for 800,000 electric vehicles exposed due to a security oversight.
Information about the vulnerability was reportedly shared by a whistleblower with German news magazine Der Spiegel and European hacking association Chaos Computer Club (CCC).
The vulnerability:
- As noted in a report from The Verge, Cariad’s security oversight made it possible to find and access driver data that was housed on Amazon’s cloud storage service.
- This data could then be linked to drivers’ personal information.
- The security breach reportedly allowed Der Spiegel to track two German politicians with notable accuracy. A mayor’s movements were reportedly tracked by the publication as well.
The details:
- Der Spiegel noted that the exposed data encompassed several terabytes’ worth of information, including precise locations for 460,000 vehicles.
- Audi, SEAT, and Skoda car owners were affected by the security breach. Volkswagen ID.3 and ID.4 owners were particularly affected, the report claimed.
- The breach reportedly impacted institutional entities like the Hamburg police department, public figures, business leaders, Federal Intelligence Service employees, and even vehicles associated with the U.S. Air Force at Ramstein Air Base.
The response:
- CCC reportedly informed Cariad of the issue, leading to a swift patch of the vulnerability.
- Cariad reportedly informed the publication that the vulnerability was due to a “misconfiguration.”
- Cariad also stated there was no evidence that anyone aside from CCC had accessed the exposed data.