The vulnerability also affects vehicles from Volkswagen-owned car brands.
The location information of around 800,000 electric Volkswagen vehicles was being accidentally leaked for many months.
According to media reports, the leak reportedly stemmed from the software running inside Volkswagen vehicles, and could have allowed an attacker to trace a driver’s exact movements.
A whistleblower first notified Der Spiegel and the European hacking association Chaos Computer Club of the vulnerability, which also affects vehicles from Volkswagen-owned car brands, including Audi, Seat, and Skoda.
The data reportedly included details about when vehicles were switched on and off, along with the emails, phone numbers, and addresses of drivers in some cases. It also included the “precise” locations of about 460,000 vehicles, “accurate to within ten centimeters” for Volkswagen and Seats vehicles, and within 10km (~6 miles) for Audi and Skoda models.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
