Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Car. Show all posts
Volkswagen
Automobiles Car Data EV Technology Volkswagen

With Great Technology Comes Great Responsibility: Privacy in the Digital Age


In today’s digital era, data has become a valuable currency, akin to Gold. From shopping platforms like Flipkart to healthcare providers and advertisers, data powers personalization through targeted ads and tailored insurance plans. However, this comes with its own set of challenges.

While technological advancements offer countless benefits, they also raise concerns about data security. Hackers and malicious actors often exploit vulnerabilities to steal private information. Security breaches can expose sensitive data, affecting millions of individuals worldwide.

Sometimes, these breaches result from lapses by companies entrusted with the public’s data and trust, turning ordinary reliance into significant risks.

Volkswagen EV Concerns

A recent report by German news outlet Der Spiegel revealed troubling findings about a Volkswagen (VW) subsidiary. According to the report, private data related to VW’s electric vehicles (EVs) under the Audi, Seat, Skoda, and VW brands was inadequately protected, making it easier for potential hackers to access sensitive information.

Approximately 800,000 vehicle owners’ personal data — including names, email addresses, and other critical credentials — was exposed due to these lapses.

CARIAD, a subsidiary of Volkswagen Group responsible for software development, manages the compromised data. Described as the “software powerhouse of Volkswagen Group” on its official website, CARIAD focuses on creating seamless digital experiences and advancing automated driving functions to enhance mobility safety, sustainability, and comfort.

CARIAD develops apps, including the Volkswagen app, enabling EV owners to interact with their vehicles remotely. These apps offer features like preheating or cooling the car, checking battery levels, and locking or unlocking the vehicle. However, these conveniences also became vulnerabilities.

In the summer of 2024, an anonymous whistleblower alerted the Chaos Computer Club (CCC), a white-hat hacker group, about the exposed data. The breach, accessible via free software, posed a significant risk.

Data Exposed via Poor Cloud Storage

The CCC’s investigation revealed that the breach stemmed from a misconfigured Amazon cloud storage system. Gigabytes of sensitive data, including personal information and GPS coordinates, were publicly accessible. This data also included details like the EVs’ charge levels and whether specific vehicles were active, allowing malicious actors to profile owners for potential targeting.

Following the discovery, the CCC informed German authorities and provided VW Group and CARIAD with a 30-day window to address the vulnerabilities before disclosing their findings publicly.

This incident underscores the importance of robust data security in a world increasingly reliant on technology. While companies strive to create innovative solutions, ensuring user privacy and safety must remain a top priority. The Volkswagen breach serves as a stark reminder that with great technology comes an equally great responsibility to protect the public’s trust and data.

Read more »
Technology Attacks
Automobiles Car Cyberattacks CyberCrime Cybersecurity Data Breach Privacy Threat Technology Attacks

Data Highways: Navigating the Privacy Pitfalls of New Automobiles

 


There is a possibility that these vehicles may be collecting vast amounts of information about their users that can be accessed by advertisers, data brokers, insurance companies and others, and that information could be shared with several companies including advertisers, data brokers, and insurance companies. 

Privacy experts believe users may want to hold off on getting all the connected accessories that come with new cars to protect their data. From the beginning, tech companies have known that data can be sold for dollars, so they have been collecting all the information possible for them to sell it to their highest bidder. 

Data sharing between users' cars is a long-standing practice, but it seems their part is much bigger than most people would suspect; in fact, it might even be the biggest seller of users' data. Car companies sometimes allow consumers to adjust the connectivity settings, and drivers can read about how that is done in their car's privacy policy, but there are times when it is not possible to turn off all data sharing. 

As connected cars become more prevalent, advocates of consumer data privacy are raising concerns about their proliferation, and their proliferation is raising alarms regarding their proliferation. The Counterpoint Technology Market Research report estimates that by 2030, more than 95% of passenger cars sold will have embedded connectivity. As a result, car manufacturers can now offer safety and security functions, predictive maintenance functions as well as prognostic capabilities. 

Although this is a good thing, it also opens the door for companies to collect, share, or sell personal information such as driving habits and other personal information that people may not wish to share publicly. Although most auto manufacturers offer the option of opting out of unnecessary data sharing, according to Counterpoint senior analyst Parv Sharma, these settings are often hidden within menus, as they are with many other consumer technologies that make a profit by selling data. 

By 2030, McKinsey reported that a variety of use cases for car data monetization could generate an annual revenue stream of $250 billion to $400 billion for automakers. It is true that there may be valid reasons for collecting information about a driver or vehicle for safety and functional purposes, and that certain essential services, such as data sharing for emergency and security reasons, may not be feasible or prohibitive to opt out of. 

In the world of predictive maintenance, there are many reasons why manufacturers are releasing more data, one of which is that manufacturers can use it to determine if a particular part they use in their fleet has a tendency to fail before they expected it, which is why a recall is issued, according to James Hodgson, a director of smart mobility and automotive research at global technology intelligence firm ABI Research. 

Despite this, there are growing concerns regarding privacy issues, especially as car companies get into the insurance business themselves, and as they share driver data with insurers. For instance, insurance carriers could report driving habits and car usage details to data collectors, who could then share them with them to determine rates. 

There is a new type of insurance, referred to as usage-based insurance, offered by Progressive and Root, which offers drivers the possibility of earning lower rates as a result of allowing insurers to install devices in their vehicles that track their driving patterns. To gain a better understanding of the data collected by the automobile manufacturer, consumers might want to read over its privacy policy.

In addition to their cars, consumers also have access to radio apps, GPS navigation, and On-Star services that all have their own privacy and data collection policies, Caltrider said. Although there are no federal laws regulating the privacy of personal information, some states have adopted legislation that addresses this issue. 

There are various regulatory efforts underway to understand carmakers' data-sharing practices and reign in possible violations of privacy, but Michigan isn't one of them. The state does have a more limited set of consumer privacy laws in place, but Michigan isn't one of them. In July 2023, the California Privacy Protection Agency's enforcement division announced that it would be conducting a review of the connected vehicle industry. 

A spokesperson declined to comment further, however, saying that the investigation is underway. A federal action could be taken against carmakers if they use data to share with other companies. According to Zweifel-Keegan, basic disclosure of a company's data practices will not always be sufficient to avoid the Federal Trade Commission's enforcement actions. Increasingly, the issue is receiving broader attention. 

Senator Edward J. Markey (D-Mass.), a member of the Senate Commerce, Science, and Transportation Committee, sent letters to 14 car makers in December asking them to ensure that privacy protections are implemented and enforced in their cars. As Hodgson pointed out, the best-case scenario for automakers and consumers might be that as consumer awareness grows, more carmakers will use stricter data privacy practices as a marketing tool, similar to how Apple makes its products stand out from its competition. 

A lawsuit against GM has been filed on behalf of consumers. GM, who is facing a lawsuit, says it has stopped sharing driver data with insurance brokers who work with insurance companies to avoid the lawsuit. There was a press release from GM, which stated, "Customer trust is very important to us, and we are continuously evaluating our privacy policies and procedures to protect it.".
Read more »
safety critical systems
Car internet Security safety critical systems

Cars connected with internet vulnerable to hacking








A nonprofit group Consumer Watchdog along with car industry technologists has issued a warning for all the cars that have Internet connections to safety critical systems. 

The report “Kill Switch: Why Connected Cars Can Be Killing Machines And How To Turn Them Off,” finds out that the cars are highly vulnerable to fleet wide hacks, if their safety systems are connected to internet. 

The automakers have disclosed this vulnerability to their investors, but they are compelling them to use the new features as it is very much fascinating to the market. 

“Connecting safety-critical systems to the Internet is inherently dangerous design,” said Jamie Court President of Consumer Watchdog.  “American car makers need to end the practice or Congress must step in to protect our transportation system and our national security.”

The report warns: “Recent reporting about United States efforts to counter Russian cyber-attacks with its own online infiltration indicate that we increasingly live in the era of cyber warfare. An attack targeting transportation infrastructure is a growing possibility.  Most concerning is that automotive industry executives are aware of these risks, yet are proceeding nonetheless to deploy these technologies, putting corporate profits ahead of consumer safety and national security.”

According to the Consumer Watchdog’s report, the car connected with an Internet kill-switch that physically disconnects the Internet from safety-critical systems. To stop this, the future designs should completely isolate safety-critical systems from infotainment systems. 


The report was prepared by a  group of more than 20 car industry engineers and insiders, but they choose to remain anonymous for fear of losing their jobs. 
Read more »
Subscribe to: Posts (Atom)