jsr on Nostr: Monday edition of *Car privacy is an absolute nightmare*: ...
Monday edition of *Car privacy is an absolute nightmare*:
Subaru's employee portal holds a year's worth of location data for all internet-connected cars.
We know this because it was vulnerable (now fixed). You could pull a year's worth of driving just with a license plate.
Props to Sam Curry & Shubham Shah for exposing it. Pic is a year's worth of Sam's mom's #Subaru locations.
I seriously doubt any owner has a clear idea that this data is being collected on them.
But the same thing is replicated for almost every car mfr (see the #Mozilla foundation report on car privacy link)
Literally no car owner has asked for their whip to be turned into a surveillance portal.
And yet..
Car companies feel basically no pressure to do right by customers, but experience a lot of incentives to mine their movements for money.
Sidenote: same (now closed) vulnerability also enabled remote unlocks & starts and a bunch of other highly undesirable things.
Reading list:
The Subaru research: https://samcurry.net/hacking-subaru
News report on it: https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
Mozilla Foundation's key investigation into car privacy: https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/