- 800,000 Volkswagen Group models are affected by violations, 300,000 of which are from Germany
- More than half share precise GPS location data
- Volkswagen responds promptly and responsibly
Volkswagen’s software subsidiary Cariad reportedly exposed sensitive data from 800,000 electric vehicles to an unsecured environment. Amazon According to reports, the folder is stored in the cloud.
The concern was raised when Nadja Weippert, mayor of Tost in Lower Saxony, delved into the app she needs to download to use the Volkswagen ID.3 remote functionality.
She discovered that every time the car was turned off, it collected precise geolocation data, creating a detailed picture of where she’d been.
Volkswagen unsafely collects customer data
The vulnerability was first discovered by the European ethical hacker group Chaos Computer Club (CCC) and informed by a whistleblower. The CCC confirmed the problem on November 26 and notified Cariad, giving the company 30 days to make the data inaccessible.
Cariad acknowledged that the issue stemmed from improper configuration of two IT applications and responded within just a few hours, thanking the CCC for its work. CCC spokesman Linus Neumann praised Volkswagen’s software company (via mirrortranslated as Google Translation): “The Cariad technical team was responsive, thorough, and responsible.”
german publications mirror It was revealed that more than half of the vehicles (460,000 vehicles) are sharing precise GPS data. Most of the 800,000 affected models are located in Germany (300,000), with tens of thousands of affected electric vehicles also in Norway, Sweden, the United Kingdom, the Netherlands, France, Belgium, Denmark, Switzerland and Austria.
Since Volkswagen is the parent company of other popular European brands, Audi, Seat and Skoda models are also reportedly affected. It is unclear whether CUPRA, Porsche and other Volkswagen Group subsidiaries are also affected.
mirror Calling the mistake a disgrace, VW already lags behind rivals in the software area.
While Volkswagen made the unfortunate mistake of lying about the emissions of many of its diesel cars for nearly a decade, it’s not the only company collecting customer data. In September 2023, we reported Mozilla Research It has been revealed that 25 major car manufacturers collect more data than they need.
As the line between technology and cars gets closer, customers and researchers are rightly raising more and more safety concerns.