Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Automobiles. Show all posts
Volkswagen
Automobiles Car Data EV Technology Volkswagen

With Great Technology Comes Great Responsibility: Privacy in the Digital Age


In today’s digital era, data has become a valuable currency, akin to Gold. From shopping platforms like Flipkart to healthcare providers and advertisers, data powers personalization through targeted ads and tailored insurance plans. However, this comes with its own set of challenges.

While technological advancements offer countless benefits, they also raise concerns about data security. Hackers and malicious actors often exploit vulnerabilities to steal private information. Security breaches can expose sensitive data, affecting millions of individuals worldwide.

Sometimes, these breaches result from lapses by companies entrusted with the public’s data and trust, turning ordinary reliance into significant risks.

Volkswagen EV Concerns

A recent report by German news outlet Der Spiegel revealed troubling findings about a Volkswagen (VW) subsidiary. According to the report, private data related to VW’s electric vehicles (EVs) under the Audi, Seat, Skoda, and VW brands was inadequately protected, making it easier for potential hackers to access sensitive information.

Approximately 800,000 vehicle owners’ personal data — including names, email addresses, and other critical credentials — was exposed due to these lapses.

CARIAD, a subsidiary of Volkswagen Group responsible for software development, manages the compromised data. Described as the “software powerhouse of Volkswagen Group” on its official website, CARIAD focuses on creating seamless digital experiences and advancing automated driving functions to enhance mobility safety, sustainability, and comfort.

CARIAD develops apps, including the Volkswagen app, enabling EV owners to interact with their vehicles remotely. These apps offer features like preheating or cooling the car, checking battery levels, and locking or unlocking the vehicle. However, these conveniences also became vulnerabilities.

In the summer of 2024, an anonymous whistleblower alerted the Chaos Computer Club (CCC), a white-hat hacker group, about the exposed data. The breach, accessible via free software, posed a significant risk.

Data Exposed via Poor Cloud Storage

The CCC’s investigation revealed that the breach stemmed from a misconfigured Amazon cloud storage system. Gigabytes of sensitive data, including personal information and GPS coordinates, were publicly accessible. This data also included details like the EVs’ charge levels and whether specific vehicles were active, allowing malicious actors to profile owners for potential targeting.

Following the discovery, the CCC informed German authorities and provided VW Group and CARIAD with a 30-day window to address the vulnerabilities before disclosing their findings publicly.

This incident underscores the importance of robust data security in a world increasingly reliant on technology. While companies strive to create innovative solutions, ensuring user privacy and safety must remain a top priority. The Volkswagen breach serves as a stark reminder that with great technology comes an equally great responsibility to protect the public’s trust and data.

Read more »
Ransomware
Automobiles Cyber Security Kawasaki RaaS RansomHub Ransomware

Kawasaki Ransomware Attack: 500 GB Alleged Data Leaked, RansomHub Claims

Kawasaki Ransomware Attack: 500 GB Alleged Data Leaked, RansomHub Claims

In a recent ransomware attack that hit Kawasaki Motors Europe (KME), the company has confirmed that it suffered the breach causing major service disruptions as threat actors threatened to leak the data. 

“At the start of September, Kawasaki Motors Europe (KME) was the subject of a cyberattack which, although not successful, resulted in the company’s servers being temporarily isolated until a strategic recovery plan was initiated later on the same day," KME said in a statement.

RansomHub Behind Leak

RansomHub, an infamous Ransomware-as-a-Service (RaaS) has leaked 478GB of data which the group claims belongs to the KME website,  after the attack. Important business documents were exposed- dealership details, internal communications, banking records, and financial info.

Threat actors posted the exposed data on their extortion site on the dark net, suggesting that KME didn’t agree to pay the ransom demanded by RanHub.

RansomHub has become popular after its creation in February 2024, it is now one of the most efficient RaaS groups, it was responsible for 75 ransom attacks in Q2 of 2024. RansomHub’s victims include high-level targets like Planned Parenthood and Change Healthcare.

To warn about the attacks, the US Cybersecurity and Infrastructure Agency (CISA) issued an advisory, highlighting indicators of compromise (IoC) to combat the threat of potential targets.

Rising Ransom Demands 

With a significant increase in the number of RaaS, the ransom demand trend is also rising. A threat actor demands a shocking $1.5 million in return for a victim’s stolen data. In 2023, the ransomware number was a mere $200,000, which shows the dominance of ransomware groups and the harm they cause to an organization. 

How to Combat Ransomware Attacks?

Adopting a proactive cybersecurity plan can help a business address future threats and take measures to mitigate risks, reducing the threat of future attacks. 

A strong incident response plan can reduce the impact of a ransomware breach. It should have a framework for a plan of action for a possible attack, this can include a data recovery process, legal aspects, and communication protocols. 

Human error is one of the leading causes of breach, but employee training and awareness helps to identify threats and respond accordingly. 

Read more »
Technology Attacks
Automobiles Car Cyberattacks CyberCrime Cybersecurity Data Breach Privacy Threat Technology Attacks

Data Highways: Navigating the Privacy Pitfalls of New Automobiles

 


There is a possibility that these vehicles may be collecting vast amounts of information about their users that can be accessed by advertisers, data brokers, insurance companies and others, and that information could be shared with several companies including advertisers, data brokers, and insurance companies. 

Privacy experts believe users may want to hold off on getting all the connected accessories that come with new cars to protect their data. From the beginning, tech companies have known that data can be sold for dollars, so they have been collecting all the information possible for them to sell it to their highest bidder. 

Data sharing between users' cars is a long-standing practice, but it seems their part is much bigger than most people would suspect; in fact, it might even be the biggest seller of users' data. Car companies sometimes allow consumers to adjust the connectivity settings, and drivers can read about how that is done in their car's privacy policy, but there are times when it is not possible to turn off all data sharing. 

As connected cars become more prevalent, advocates of consumer data privacy are raising concerns about their proliferation, and their proliferation is raising alarms regarding their proliferation. The Counterpoint Technology Market Research report estimates that by 2030, more than 95% of passenger cars sold will have embedded connectivity. As a result, car manufacturers can now offer safety and security functions, predictive maintenance functions as well as prognostic capabilities. 

Although this is a good thing, it also opens the door for companies to collect, share, or sell personal information such as driving habits and other personal information that people may not wish to share publicly. Although most auto manufacturers offer the option of opting out of unnecessary data sharing, according to Counterpoint senior analyst Parv Sharma, these settings are often hidden within menus, as they are with many other consumer technologies that make a profit by selling data. 

By 2030, McKinsey reported that a variety of use cases for car data monetization could generate an annual revenue stream of $250 billion to $400 billion for automakers. It is true that there may be valid reasons for collecting information about a driver or vehicle for safety and functional purposes, and that certain essential services, such as data sharing for emergency and security reasons, may not be feasible or prohibitive to opt out of. 

In the world of predictive maintenance, there are many reasons why manufacturers are releasing more data, one of which is that manufacturers can use it to determine if a particular part they use in their fleet has a tendency to fail before they expected it, which is why a recall is issued, according to James Hodgson, a director of smart mobility and automotive research at global technology intelligence firm ABI Research. 

Despite this, there are growing concerns regarding privacy issues, especially as car companies get into the insurance business themselves, and as they share driver data with insurers. For instance, insurance carriers could report driving habits and car usage details to data collectors, who could then share them with them to determine rates. 

There is a new type of insurance, referred to as usage-based insurance, offered by Progressive and Root, which offers drivers the possibility of earning lower rates as a result of allowing insurers to install devices in their vehicles that track their driving patterns. To gain a better understanding of the data collected by the automobile manufacturer, consumers might want to read over its privacy policy.

In addition to their cars, consumers also have access to radio apps, GPS navigation, and On-Star services that all have their own privacy and data collection policies, Caltrider said. Although there are no federal laws regulating the privacy of personal information, some states have adopted legislation that addresses this issue. 

There are various regulatory efforts underway to understand carmakers' data-sharing practices and reign in possible violations of privacy, but Michigan isn't one of them. The state does have a more limited set of consumer privacy laws in place, but Michigan isn't one of them. In July 2023, the California Privacy Protection Agency's enforcement division announced that it would be conducting a review of the connected vehicle industry. 

A spokesperson declined to comment further, however, saying that the investigation is underway. A federal action could be taken against carmakers if they use data to share with other companies. According to Zweifel-Keegan, basic disclosure of a company's data practices will not always be sufficient to avoid the Federal Trade Commission's enforcement actions. Increasingly, the issue is receiving broader attention. 

Senator Edward J. Markey (D-Mass.), a member of the Senate Commerce, Science, and Transportation Committee, sent letters to 14 car makers in December asking them to ensure that privacy protections are implemented and enforced in their cars. As Hodgson pointed out, the best-case scenario for automakers and consumers might be that as consumer awareness grows, more carmakers will use stricter data privacy practices as a marketing tool, similar to how Apple makes its products stand out from its competition. 

A lawsuit against GM has been filed on behalf of consumers. GM, who is facing a lawsuit, says it has stopped sharing driver data with insurance brokers who work with insurance companies to avoid the lawsuit. There was a press release from GM, which stated, "Customer trust is very important to us, and we are continuously evaluating our privacy policies and procedures to protect it.".
Read more »
Subscribe to: Posts (Atom)