Werbung
Werbung

Software leak in VW electric cars: 800,000 models affected with Cariad software

(dpa) According to Spiegel and Chaos Computer Club, 800,000 cars are affected by the data leak at VW. The troubled VW Group is therefore not out of the headlines. Movement data from electric cars as well as contact information of owners are said to have been exposed on the internet without protection.

 

Full Transparency: The Chaos Computer Club drew attention to significant data gaps in the onboard software of the group's electric cars to VW's troubled software subsidiary Cariad. | Photo: VW
Full Transparency: The Chaos Computer Club drew attention to significant data gaps in the onboard software of the group's electric cars to VW's troubled software subsidiary Cariad. | Photo: VW
Werbung
Werbung

According to a media report, there was a data leak at VW's software subsidiary Cariad. Movement data of 800,000 electric cars in Europe, as well as contact information of owners, were reportedly exposed on the internet without protection, as reported by "Spiegel". 

Due to a software error, data from VW, Seat, Audi, and Skoda vehicles had been accessible in an Amazon cloud storage for months, the outlet writes. Precise location data for 460,000 vehicles was reportedly visible, which could have allowed inferences to be made about the lives of the people behind the wheels. 

Chaos Computer Club alerted Cariad

The VW group stated that the error had since been rectified. Sensitive information such as passwords or payment data was not affected. Apart from the Chaos Computer Club (CCC), which alerted Cariad to the error on November 26, no one accessed the data, according to a statement. 

Only data from selected vehicles, which were registered for online services and had online connectivity, were affected. According to the company, the data concerned charging behavior and habits to optimize battery and charging software. "Access to the data occurred in a very complex, multi-step process."
 

VW: No conclusions about individual persons

The CCC was able to access pseudonymized vehicle data that did not allow any conclusions to be drawn about individual persons. "Only by bypassing several security mechanisms, which required a high level of expertise and considerable time, and by combining various data sets, was the CCC able to draw conclusions about individual customer data of specific users," it continues.

The CCC never had access to vehicles at any time. "The final analysis of the incident is not yet complete and requires further effort due to its complexity." Once this analysis is complete, further steps may be decided if necessary.

Translated automatically from German.
Werbung

Branchenguide

Werbung