Please note that all submissions to the site are subject to the wiki's licence, CC 4.0 BY-SA, as found here

Volkswagen car locations and identities revealed due to security fail

From Consumer Action Taskforce
Revision as of 15:01, 17 January 2025 by Nathanriley (talk | contribs) (Create Video Transcript / Summary Page)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

https://www.spiegel.de/netzwelt/web/volkswagen-konzern-datenleck-wir-wissen-wo-dein-auto-steht-a-e12d33d0-97bc-493c-96d1-aa5892861027

https://www.youtube.com/watch?v=EozPi1qmH44?t=60

https://www.youtube.com/watch?v=2nXVljRUnoc

https://www.ccc.de/en/updates/2024/das-ist-vollig-entgleist

https://www.documentcloud.org/documents/23846414-nhtsa-letter/

AI Disclaimer

The Summary and Transcription below were generated using artificial intelligence (AI). While efforts have been made to ensure accuracy and coherence, the following points should be noted:

  • The transcript is machine-generated and is likely to contain inaccuracies, omissions, or misinterpretations due to the limitations of automated transcription technology.
  • The summary, created using AI, is derived from this transcript and will likely not capture the nuances, tone, and context of the original content.
  • Users should exercise caution and verify the information, considering the compounded limitations of two layers of AI processing.

AI Summary

This video discusses a security fail by Volkswagen, where customer data was left publicly accessible due to a misconfiguration. Louis Rossmann explains how this is not an isolated incident and that car manufacturers are often guilty of compromising their customers' security and privacy. He emphasizes the need for consumers to push back against these practices and demand better security measures.

Car Manufacturers Collecting Personal Data

Car manufacturers, including General Motors, Nissan, Ford, Toyota, and Honda, collect vast amounts of personal data from vehicle owners without consent. This data includes location information, driving habits, and other sensitive details. Rossmann argues that this is not necessary for the functioning of modern cars and that consumers should be able to opt out of this data collection.

Security Failures by Car Manufacturers

Volkswagen's security fail, where customer data was left publicly accessible, is just one example of a larger problem. Rossmann notes that car manufacturers often prioritize profits over security and that their systems are vulnerable to hacking. He cites the example of General Motors' use of admin 1 2 3 45 as a password, which is not secure.

The Right to Repair

Rossmann references the right to repair ballot initiative in Massachusetts, which aimed to give consumers access to the tools and information needed to repair their own vehicles. Despite opposition from car manufacturers, the initiative passed. Rossmann argues that this is an important step towards giving consumers more control over their own data.

Creating a Consumer Protection Wiki

Rossmann announces his plan to create a consumer protection wiki, where he will document instances of companies screwing over their customers. He hopes to create a centralized database that ordinary consumers can contribute to and use to make informed buying decisions.

The Importance of Security Audits

Rossmann emphasizes the need for car manufacturers to conduct security audits on their systems. He notes that Carrie Guiles from the National Highway Transport Association (NHTSA) wrote a letter warning automotive manufacturers about the risks of hacking into cars, which could lead to vehicle crashes, injuries, or deaths.

Avoiding Cultural Wars

Rossmann stresses the importance of avoiding cultural wars over issues like electric vehicles versus internal combustion engines. He argues that consumers should focus on holding car manufacturers accountable for their security and privacy practices rather than engaging in unnecessary debates.

AI Transcription

hey everybody how's it going hope you

having a lovely day remember when we

tried to get that ballot initiative

passed in Massachusetts in 2020 the

right to repair ballot initiative so

that Automotive mechanics and

independent mechanics would be able to

have access to what they need the tools

the programming the documentation be

able to repair your car U that did pass

but the it passed with a lot of

opposition General mortars Ford Nissan

Toyota and Honda spent about $25 million

producing commercials saying that people

would be able to get access to the data

inside your vehicle they'd be able to

control your vehicle they get access to

your location and they would use it to

sexually assault you stalk you through a

parking lot rape you break into your

garage and one of the questions that

came up in my audience when they saw

these garbage commercials

was why is my car collecting all this

information I mean to begin with and why

would somebody be able to control my car

remotely even if they are from the

manufacturer and that's a great question

the problem with a lot of the what's in

modern cars is not even that your modern

car has technology is that your modern

car has technology akin to Microsoft

Windows XP Service Pack 1 which is

pretty much means a Swiss cheese of

virtually anybody can get access to the

data in your car whether we're talking

about General Motors which is taking

your information on your driving your

turning radius when you stop what time

you drive and where you go selling that

information to Lexus Nexus without your

consent selling that information to

insurance companies that then use that

as a justification to raise your rates

or companies that just make your

location data available to any Tom Dick

or Harry that has basic AWS systems

Administration knowledge it is usually

the manufacturer that is guilty of what

it is they are blaming independent

mechanics and independent repair people

of they they try to scare you out of

being able to own what you bought and

paid for with garbage like this before I

get into today's news let's just recap

because this is a video that has been

virtually scrubbed from the internet

since that ballot initiative was done do

keep in mind General Motors Nissan Ford

Toyota and Nissan all spent $25 million

combined to have these commercials aired

all across the state in Massachusetts in

2020 to try to scare you out of being

able to go to an independent

mechanic if question one passes in

Massachusetts anyone could ask access

the most personal data stored in your

vehicle domestic violence Advocates say

a sexual predator could use the data to

stalk their victims pinpoint exactly

where you are whether you are alone even

take control of your

vehicle vote no on one keep your data

safe Volkswagen was using carad to store

terabytes of customer data in AWS and

due to a misconfiguration these storage

instances were left publicly accessible

without proper restrictions or

authentication AKA similar to the United

States nuclear codes between the early

60s to late '70s no seriously that was a

thing guess what the password was to

that for about 12

years this is another instance of the

automotive manufacturer or the

manufacturer in general accusing the

independent repair technician or just

you as a car owner of what it is that

they're doing they're saying that by

trying to make things more reparable

that we are making them more dangerous

that we are a danger to privacy and

security and your person personal data

every single time you hear the

manufacturer discuss security and

privacy and safety they're usually the

ones that are actually exposing or

compromising your security privacy and

safety and they are deflecting and using

those reasons on Independent repair

shops independent mechanics or people

that simply want the ability to own what

they bought and paid for yet in reality

when you take a look at their own

actions whether it is their their

incompetence with regards to systems

Administration or their intentional

You by selling your personal

data without your consent to insurance

brokers and Lexus Nexus with by

did you ever say yes to that it's

usually them that are doing what they're

blaming you of and this is something

that's probably going to continue and

continue and continue until people start

pushing back against it now one thing

that's really important here is to ask

this question of the manufacturer which

is why does my car have uh why is my car

tracking me everywhere I go to begin

with if I am not using the GPS why can't

I simply turn that off if I'm not

using the map why isn't there like a

switch that I can flip that simply

disables this if I don't want that to be

on all the time more importantly

why is it that somebody would be able to

take control of my vehicle if somebody

can take control of my vehicle simply

because a repair mechanic has access to

a repair tool that is akin to me being

able to hack into my bank as FTP server

because I have filezilla on my computer

if having a FTP client on my computer is

enough to hack into my bank's FTP server

that means that my bank's FTP server

likely has the username of admin and the

password of 1 2 345 that is not real

security that is security through

obscurity which is not actually security

and any CIS admin that has been working

for longer than one day knows this but

apparently the individuals working for

the car manufacturers don't nor do their

lobbyists my goal is to have as many

people as possible ask that question of

listen if you're talking about my safety

and my security and my personal data why

the is my car collecting my

personal data and why is it so difficult

to opt out of that and why do you keep

selling that data other people the thing

that I think is most important above all

is to avoid having this turned into a

cultural war I've seen many sides

talking about how this is an electric

car thing this is an electrical vehicle

thing those evil electric vehicles are

at fault and this is a great way to

create this like Democrat versus

Republican conservative versus liberal

fight where we ignore the fact that it

is the car companies that are us

every single car to date that you can

purchase that's new virtually all of

them have a little screen on it they

have a GPS and they have the ability to

do navigation within the vehicle what

that means is that this will occur

whether you have an internal combustion

engine vehicle whether you're using

normal fuel whether you are using diesel

whether you are using premium or whether

you are charging your car in your garage

this occurs whether you have a hybrid

vehicle a fully electric vehicle a

plug-in hybrid or a standard old gas car

whether it is your F350 turbo diesel

your Toyota Prius or your Tesla Model 3

this is something that is going to

affect everybody because modern cars

have computers in them and the computers

are not the enemy I like having

computers in my devices I like when my

devices are smart but my devices must be

smart on my terms I must be the one

that's controlling them not the

manufactur I do not want to see all this

push back against technology nor do I

want to see this nonsense where people

are arguing back and forth over electric

vehicles as if that matters my bicycle

is electric it has a great FOC motor

controller on it it does not connect to

the internet unless I wanted to and the

technology is controlled by me I love

the fact that I can program my electric

bike I love the fact that I can utilize

new technology in all these different

spaces I like the fact that I could

control my air conditioner from anywhere

I want in the world I like the fact that

I have Smart cameras in my house but

those smart cameras are controlled by me

they do not connect to the internet

unless I want them to and I can review

the source code that is running on them

at any given time to ensure that they

actually work okay not me I'm a

idiot but I could have other people

review the source code on it that have

actually passed chapter one of Dennis

Richie C programming language book which

two years and I'm still uh in

all seriousness I my biggest fear here

is that this turns into some nonsensical

culture War where you have the the

people that like the Lites versus the

tech enthusiasts and at the end or the

electric car people versus the F350

turbo diesel people and it really

shouldn't be something like that it

should be all these people coming

together and looking at the car

manufacturer and saying a put a

switch on that car that allows me to

turn the off and B above all why

the are you using admin 1 2 3 45 as

your username and

password not the exact issue here but

you get my point why don't you allow me

to easily opt out of this stuff or

easily turn it off when I'm not using it

there is no reason for my car to have an

active GPS if I am not actively using

the navigation there is no reason for my

car to be online when I do not want it

to be and it should be as simple as

flipping a switch to turn all the

off B if you are going to have all this

crap in the car can you at the very

least have some security audits done

because by admitting that this is

insecure when Carrie gules from Nitsa

comes out and says that there are

genuine security issues and how people

could hack into the car and up your

car which I talk about in this video

over here she wrote a nitel letter right

after this right to repair initiative

passed through the court to tell all the

automotive manufacturers by the way

don't listen to this this is dangerous

this is going to hurt your data vehicle

crashes injuries or deaths are

foreseeable outcomes of such a situation

the issue is not whether the repair tool

is in the hands of the manufacturer the

independent mechanic the issue is in the

complete lack of security in your

systems to begin with if you have

created a system where you never

expected anybody else to have access to

it you're probably going to be a little

LAX in your systems Administration if

you decided that I don't know you don't

want to pay the engineers to do it you

want to spend that money somewhere else

like 25 million dollars on

commercials weaponizing

people's sexual assault experiences this

is all all of this is complete

the blame needs to be where it belongs

with the manufacturer don't fight with

your neighbor because he has an electric

car and you have a TBO diesel don't

fight with your neighbor cuz you're a

lite and they're a tech Enthusiast put

the blame where it belongs the tech

manufacturer and the ass Regulators

that allow this to happen I'm expected

to have better security from my

magenta web store where I sell at an 862

then a multi-billion dollar automotive

manufacturer is for a vehicle that is

transporting police politicians and well

okay maybe people don't care if they

know the location of their politician

but you get the idea that's it for today

and as always I hope you learn something

I'll see you in the next video bye now

by the way a little aside here I am

announcing the creation of a consumer

protection wikii I've done these videos

in this channel where I actually read

through this stuff in this video I go

through this entire thing in detail

where where I go through the

announcements from Nitsa I go through

legal documents I go through all these

scams and garbage that I talk about I

have citations for them but it's in a

video I want this stuff to be in an

easily browsable Weeki format so every

single one of these videos where there's

over a thousand of them going dating

back 12 years going over consumer

advocacy I want to have one location

that's very easily searchable that

documents every single instance of a

company screwing over its customers and

the problem is the modern consumer stuff

like when you go to CNET when you go to

Consumer Reports at JD Power sometimes

you get something good sometimes you

don't but they don't really mention

these types of issues they don't mention

the device spying on you they don't

mention that the device has to be

connected to the internet to work and

they sure as don't update their

articles to tell you when that

manufacturer has decided to try and

force forced arbitration into it take

away your ability to use your device

unless you agree to forced arbitration

take away features that were advertised

with the device unless you start paying

more money as a subscription for you

later or that they have the ability to

do that CU it's connected to the

internet this is something that Cory

talked about over 20 years ago how there

were Outlets that were reviewing these

products and not even making mention of

it I would like to create a centralized

database in the form of this type of

open Weeki where everybody can

contribute to it and I'm going to be

doing my best going forward to log every

single thing I discuss in this Channel

and I also want to go back and go

through all of my old videos find those

citations in the description and add

every single instance into this I

realized that this is a total pipe dream

but one of my goals here would be to

create something that has so much power

among ordinary consumers the consumer

reports of the 21st century that goes

over all the new ways that consumers get

that people actually make buying

decisions based on it and more

importantly maybe it actually sways what

manufacturers do again is it a total

pipe dream absolutely but that still

that doesn't mean that I don't want to

try I'm very excited about this I'm

going to be setting up a media Weeki

instance soon I am not very good at

administering these things and I sure as

have no idea how to professionally

run a Weeki but I will be trying if you

have any advice please do email me at

YouTube rossan group.com that's two s's

and two NS YouTube rossan group.com if

you have more experience than me or

which is very very low bar here or you

have any good advice from running a week

yourself and kind of understanding what

the pitfalls are of trying to do

something like this or the traps that

newbies fall into I I am all ears and no

ego here I know that I'm an idiot when

it comes to running these things and I

need your help if I'm going to turn this

into something great that's it for today

and as always I hope you learned

something I'll see you on the next video

bye now

Retrieved from "https://wiki.rossmanngroup.com/index.php?title=Volkswagen_car_locations_and_identities_revealed_due_to_security_fail&oldid=1766"