cross-posted from: https://infosec.pub/post/21710275

Volkswagen has inadvertently exposed the personal information of 800,000 electric vehicle owners, including their location data and contact details. The breach, which occurred due to a misconfiguration in the systems of Cariad, VW’s software subsidiary, left sensitive data stored on Amazon Cloud publicly accessible for months. The exposed information included precise GPS data, which allowed […] The post Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked appeared first on Cyber Security News.

  • @NotMyOldRedditName
    2
    3 days ago

    You connect your phone to it, and then it takes over some displays in the car’s infotainment unit.

    But that means it needs a screen. The car already has a computer in it, so it could output its own stuff to the screen if it really wanted to.

    Everything they need to show you a map is already there in the car if they wanted to write the software themselves, add a gps, and a cellular connection.

    Edit: And by making this the main system, they give up control of a critical part of the car. If it’s optional and not the only system, then they likely have their own software stack with maps and a gps/cellular connection anyway.

    Edit: And just to be clear, your statement of

    Why the fuck do cars need to be connected to the Internet all the time?

    And your response is, but the car should be connected to the internet and have all the internet connectivity that people want, but I just want it to be through my phone, and I want the OEMs to be beholden to Apple and Google in the process because of that demand.

    • @[email protected]
      13 days ago

      I’m not the person you’re talking to but none of that sounds like a feature to me (or like it benefits anyone but the car company). My ideal car has the infotainment system (if there is one) air gapped from any other onboard system entirely (I’ll begrudgingly accept an isolated camera for backing up).

      I want my car to be as dumb as possible. I don’t want it to receive software updates unless there’s been a recall and they hook up an OBD device. I don’t want it to connect to the Internet at all, for any reason. I don’t want to worry about whether connecting a phone to play audio over the speakers is a vector for malware to reach the point where it can lock the brakes on the highway or brick the car or fry the battery. I don’t want to worry about whether the company is using the onboard GPS to track my movements so it can sell them to third parties.

      There’s this endless push to make everything a rental service reflected even in your framing of the car as belonging to their manufacturer. If I bought the thing it’s my car, not theirs. I don’t want them to be able to kill the thing through a bad patch or when my owning it isn’t profitable enough to them anymore. If it has a screen for a radio etc it would ideally be a standardized unit easily swappable for other aftermarket parts, not the brain of the car.

      Maybe these demands are unreasonable but they’re a big part of the reason I’ve stuck with my cheap old ICE vehicle for now rather than switch to a higher tech, less secure machine even though an electric vehicle would be better aligned with my values and lifestyle. Eventually I’ll find something simple enough or build one from a kit or something. That’s part of why I keep an eye on this community, waiting for something that seems simple and secure enough.

      I hope that makes sense.

      • @NotMyOldRedditName
        3
        3 days ago

        Ya, that makes sense, I’m not sure that’s what you’re ever going to get though. I don’t know if all OEMs will move to OTA updates, but that’s still only a portion of what you mention there. Even with the software if it was a dumb car with a completely isolated infotainment, I’m not sure you could ever prevent them from updating it if you had to take it in for a recall that required a software update? It’s your car, but it’s their software.

        Ultimately, they are computers on wheels now, and with the requirement of all the new safety features like pedestrian detection, AEB braking, backup cameras, it all requires a computer, and it’s just going to increase from here.

        • @[email protected]
          13 days ago

          Yeah I’m not holding out a lot of hope, especially from normal dealership models. If I find something that fits it’ll probably be a secondhand commercial vehicle, a really cheap Chinese off brand I’ll never be allowed to import, or something intended to be recreational along the lines of La Bagnole. Or some kind of DIY kit - there were some really cool homebuilt EVs made from scrapped Tesla parts and old ICE vehicles but I’m still just learning about fixing cars so that’s a long way off. For now I’m just driving less and using a bike when I can.