As it turns out, Volkswagen has been collecting extensive geo data from all their electric cars and made them available online in an AWS bucket. Almost 10TB of geo traces from 15 million cars. Amazing detail and patterns. This is why I don't want a smart car 🤯 https://events.ccc.de/congress/2024/hub/en/event/wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen/ #Volksdaten
There’s no way to know though…
Sure there is. Most people don’t have the hardware handy to do it, but at the end of the day it’s just a computer sending IPv4 traffic through an LTS cellular modem to an S3 bucket.
And if you know your car’s UDID you can probably look it up in said S3 bucket, since it was open to the public.
You are aware that encryption exists, right?
And the decryption key is stored… where?
Sure, they COULD be using a TPM in the cars and PKI so that having the public key still only lets them encrypt the data and not decrypt it… but in that case, we wouldn’t have this article, because they’d have properly secured the data.
Since they only really value that telemetry in bulk and have to foot the compute bill, I’m pretty confident they don’t actually do that, but instead depend on the S3 bucket and the connections to it being encrypted.
Take your car into a dealer and ask them if the modem is connected. Frame it as you think it’s malfunctioning and they’ll look to see.
I mean, they could disconnect it for you, but there’s still no way to know if it’s been transmitting data you don’t want it to in the meantime
If they don’t know that you want it disconnected or never wanted it connected in the first place they’re likely to just tell you if it’s active or that it’s not at the request of the owner and then ask if you want it connected. If you play dumb and non-accusatory. That’s all I’m saying.