[Thanos Pappas at CarScoops]

There are a few different levels to this story about the VW Group's terrible cybersecurity:

"According to a new report from Germany, the VW Group stored sensitive information for 800,000 electric vehicles from various brands on a poorly secured and misconfigured Amazon cloud storage system—essentially leaving the digital door wide open for anyone to waltz in. And not just briefly, but for months on end."

Much of this data was precise location information for hundreds of thousands of vehicles - all stored in a misconfigured S3 bucket.

So, obviously, it's incredibly damning that a company the size of VW left its sensitive data on an S3 bucket in this way. But it's not great - at all - that the company was storing this information at all.

One of the challenges of modern cars (this issue isn't limited to EVs) is that they're fully connected and phone home to their manufacturers. It isn't just VW that keeps track of the locations of the vehicles it makes; it's every car manufacturer. If there's a connectivity option for the car, the car is being tracked.

This data can be used in all kinds of ways: for example, it could be used as an additional revenue stream by selling it to data brokers, whose customers could use it for use cases that run the gamut from ad targeting to law enforcement.

The headline here is provocative, but the impact of these sorts of disclosures isn't limited to people who travel to brothels. Activists, politicians, and journalists are three more groups who are at risk from always-on tracking. And one can imagine this kind of data being used to demonstrate that someone drove to get reproductive healthcare, for example.

Nobody should be able to obtain this level of personal tracking about any private person. That it was accidentally released on an S3 bucket is almost incidental.

#Technology

[Link]