Heard about a big breach over at Volkswagen?
Here's what's going on. Every major car company collects your driving data. And everything I've learned about this subject makes me want to go into the dash and start pulling wires out.
100% of car companies collect unnecessary data
84% share/sell it
92% provide insufficient control over data.
(Data: Mozilla Foundation investigation)
Most pour it into the shady data-broker ecosystem.
Where it goes to god-knows who. And represents a really exciting stream of surveillance data for governments and everybody else.
Most also turn it over to governments.
And insurance companies.
We got here because, in search of new revenue streams, these car mfrs turned to mining owners for movement data.
Their disrespect for your #privacy is a through-line, and is reflected in just how sloppy they can be about protecting it.
Unsecured AWS? Ugh. But this is just the tip of the iceberg.
This massive data exposure happens to be Volkswagen, but the story tracks for every major car company.
When companies do offer some sort of opt-out... your car might break. Or so they warn you.
We are still in the earliest days of people investigating and pointing this out, but things are bound to get worse with electronic vehicles.
Reading list:
Mozilla Foundation's key investigation:
CSO Online report on VW:
Nissan breach report:
Mozilla Foundation
*Privacy Not Included: A Buyer's Guide for Connected Products
All 25 car brands we researched earned our *Privacy Not Included warning label - making cars the worst category of products that we have ever rev...
Volkswagen massive data leak caused by a failure to secure AWS credentials | CSO Online
Nissan North America Reports Consumer Data Breach | IndustryWeek
Analogy-ish: burglar breaks into plumber's office & steals master keys to the buildings they service...
Given BeyondTrust's big client list, presumably with many juicy targets for the #PRC it makes you wonder who else may have been targeted.
Talented reporting crew of Raphael Satter & AJ Vicens point to a recent posting by BeyondTrust about an incident that identified a series of vulnerabilities in their remote support tools.
Sure sounds like this is it...
Tom Hegel rightly points out the longstanding pattern of hackers from #China targeting trusted 3rd party platforms (hello cybersecurity, identity & authentication vendors!) to go after big targets.
Pulling back a bit, this is a good reminder that #cybersecurity for most institutions today is heavy with services from 3rd party vendors.
Which means a complex layer of threat for defenders who also have to worry about the first order problems the #infosec vendor products seek to address...
Good times for the gov-backed #hacker class.
Reuters: