The vulnerability also affects vehicles from Volkswagen-owned car brands.
The location information of around 800,000 electric Volkswagen vehicles was being accidentally leaked for many months.
According to media reports, the leak reportedly stemmed from the software running inside Volkswagen vehicles, and could have allowed an attacker to trace a driver’s exact movements.
A whistleblower first notified Der Spiegel and the European hacking association Chaos Computer Club of the vulnerability, which also affects vehicles from Volkswagen-owned car brands, including Audi, Seat, and Skoda.
The data reportedly included details about when vehicles were switched on and off, along with the emails, phone numbers, and addresses of drivers in some cases. It also included the “precise” locations of about 460,000 vehicles, “accurate to within ten centimeters” for Volkswagen and Seats vehicles, and within 10km (~6 miles) for Audi and Skoda models.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
