Attached: 1 image
As it turns out, Volkswagen has been collecting extensive geo data from all their electric cars and made them available online in an AWS bucket. Almost 10TB of geo traces from 15 MiO cars. Amazing detail and patterns. This is why I don't want a smart car 🤯 https://events.ccc.de/congress/2024/hub/en/event/wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen/ #Volksdaten
Sure there is. Most people don’t have the hardware handy to do it, but at the end of the day it’s just a computer sending IPv4 traffic through an LTS cellular modem to an S3 bucket.
And if you know your car’s UDID you can probably look it up in said S3 bucket, since it was open to the public.
Sure, they COULD be using a TPM in the cars and PKI so that having the public key still only lets them encrypt the data and not decrypt it… but in that case, we wouldn’t have this article, because they’d have properly secured the data.
Since they only really value that telemetry in bulk and have to foot the compute bill, I’m pretty confident they don’t actually do that, but instead depend on the S3 bucket and the connections to it being encrypted.
Sure there is. Most people don’t have the hardware handy to do it, but at the end of the day it’s just a computer sending IPv4 traffic through an LTS cellular modem to an S3 bucket.
And if you know your car’s UDID you can probably look it up in said S3 bucket, since it was open to the public.
You are aware that encryption exists, right?
And the decryption key is stored… where?
Sure, they COULD be using a TPM in the cars and PKI so that having the public key still only lets them encrypt the data and not decrypt it… but in that case, we wouldn’t have this article, because they’d have properly secured the data.
Since they only really value that telemetry in bulk and have to foot the compute bill, I’m pretty confident they don’t actually do that, but instead depend on the S3 bucket and the connections to it being encrypted.