A configuration error in the software of some electric cars in the Volkswagen Group left several terabytes of data unprotected with vulnerable information, such as the location of these vehicles or the contact information of some of their owners.
The software company of the Volkswagen Group, Lovehas already solved the problem and ensures that no one has made malicious use of that data that was stored without sufficient protection in the Amazon Web Services cloud.
Volkswagen resolved the incident immediately
The world is so connected that data has become another currency. It is something that is increasing because the Internet is increasingly present in more places and more things, from a simple appliance that we have in the kitchen to our car. Therefore, the cybersecurity It is more important than ever and data protection is increasingly gaining more weight in all areas of life.
Unfortunately, sometimes mistakes are made and data protection is not as effective as it should be. Cariad, the Volkswagen Group’s software company, has recently proven this. An error in the software configuration of some electric cars from Volkswagen, Audi, SEAT and Skoda has left sensitive data of the users of these vehicles exposed.
Cariad was aware of the problem thanks to a responsible disclosure of the vulnerabilities by the association Chaos Computer Club (CCC)that is, by the so-called ‘good hackers’. Thanks to this, the Volkswagen Group has been able to correct the error and solve the security breach. The German media The mirror has closely followed the entire process (since CCC revealed the problem to VW) and, when it was already solved, has published all the information.
According to Der Spiegel, the vulnerability consisted of a breach in the cloud database that Cariad used to store all the information collected by the Volkswagen Group’s electric car software. These personal data were stored in a cloud Amazon Web Services (AWS) without sufficient protection, so they could be accessed easily. It is not known since when.
The German media speaks of some 800,000 cars affectedespecially in Europe, but also in other parts of the world, and of several terabytes of unprotected data with contact information of the vehicle owners and extremely precise positioning data (in some cases within 10 cm).
If this information had fallen into the hands of criminals and even spies, it would have been very serious because the breach has not only affected anonymous users of these electric cars, but also public figureslike the politician Nadja Weippert of the German Green Party or the deputy of the German Bundestag Markus Gúbel, of the CDU. The breach also affected dozens of Hamburg Police electric cars.
“It cannot be that my data is stored unencrypted in the Amazon cloud and then not even adequately protected,” Nadja Weippert told Der Spiegel. The unprotected data allowed precise tracking of the vehicle’s location at all times: when it stopped, when it started, where it did it, when it loaded, etc.
When the CCC informed Cariad of this problem, the Volkswagen Group company went to work to resolve it immediately. In a matter of hours, the vulnerability was resolved, as CCC spokesperson Linus Neumann noted: “Cariad’s technical team has reacted quickly, thoroughly and responsibly.”
Cariad speaks of a “misconfiguration” of the software to explain the problem and assures that “according to current knowledge, no one has accessed the systems except the CCC and we have no indications of abusive use of data by third parties.” Cariad also says that the data that was left unprotected They did not have sensitive information, such as passwords or payment informationso there should be no reason to worry, especially considering that the vulnerability has already been resolved.
Source: www.motorpasion.com
