The German Volkswagen Group’s software company Cariad kept the data of hundreds of thousands of electric cars almost unprotected on the internet for months.
Cariad, the software company of the German Volkswagen group, kept the data of hundreds of thousands of electric cars almost unprotected on the internet for months, Sakslaislehti Der Spiegel says based on his report.
The app, which is required for several functions of Volkswagen’s electric cars, stores its users’ GPS data in Amazon’s cloud service. It would have been easy to combine the location data with the names and contact information of the car users. With the help of the data, it would therefore have been possible to find out detailed information about individuals, for example, who they meet or what they do, where and when.
According to Der Spiegel’s report, several German politicians, business leaders, the Hamburg police and possibly employees of German intelligence were exposed to data abuse. In total, the data of around 800,000 electric cars were exposed to abuse.
Information about the application’s data protection vulnerability was initially leaked to Der Spiegel and the hacker organization Chaos Computer Club (CCC). CCC, in turn, reported the vulnerability to Cariad. According to the newspaper, the company responded to CCC quickly, and the vulnerability has been fixed.
Der Spiegel and CCC published their report on the vulnerability only after the fact.
The case affects the cars of Volkswagen and its group members Seat, Audi and Skoda in Germany, Europe and elsewhere.
Most of the data was recorded from the year 2024, but some was also longer.