Old Cars 'Tell Tales' by Storing Data That's Never Wiped (itnews.com.au) 42
Slashdot reader Bismillah shared this report from ITNews:
Research and development engineer Romain Marchand of Paris headquartered Quarkslab obtained a telematic control unit (TCU) from a salvage yard in Poland... Marchand tore down the TCU, which is based on a Qualcomm system on a chip, and extracted the Linux-based file system from the Micron multi-chip package (MCP) which contained NAND-based non-volatile storage memory. The non-volatile storage contained sensitive information, including system configuration data and more importantly, logs that revealed the vehicle's GPS positions over time.
None of that information was encrypted, Marchand told iTnews, which made it possible to collect and retrieve sensitive data of interest. What's more, the global navigation satellite system (GNSS) logs with GPS positions covered the BYD's full journey from the factory in China to its operational life in the United Kingdom, and to its final wrecking in Poland, Marchand explained in an analysis... The issue is not restricted to BYD, and Marchand added that the hardware architecture of the Chinese car maker's TCU is broadly similar to what can be found in other brands.
None of that information was encrypted, Marchand told iTnews, which made it possible to collect and retrieve sensitive data of interest. What's more, the global navigation satellite system (GNSS) logs with GPS positions covered the BYD's full journey from the factory in China to its operational life in the United Kingdom, and to its final wrecking in Poland, Marchand explained in an analysis... The issue is not restricted to BYD, and Marchand added that the hardware architecture of the Chinese car maker's TCU is broadly similar to what can be found in other brands.
BYD sold cars in Europe in 2021 first (Score:3)
So, the 'old car' is a bit of a stretch.
Re: (Score:3, Insightful)
Since when do you oppose misinformation? Your hero is the king of it.
The real question is why anyone should care. Cars generate this information and expose it long before they end up in a junk yard. The data's been exploited repeatedly, why is the data suddenly a problem once the car is retired?
If any action should be taken, it should be preventing this information from existing at all. That wouldn't make America Great Again, though, no money in it for your party.
That's not an old car (Score:5, Informative)
Re: (Score:1)
Re:That's not an old car (Score:5, Interesting)
It sounds like a bug. Tesla did the same thing and it resulted in a lot of Teslas dying prematurely because the flash memory wore out due to all the logging.
They tried to charge people to fix it too.
Re: That's not an old car (Score:2)
the global navigation satellite system (GNSS) logs with GPS positions covered the BYD's full journey from the factory in China to its operational life in the United Kingdom, and to its final wrecking in Poland, Marchand explained in an analysis..
A nonsensical, impossible claim - do you really claim the flash memory in the car stores *every* waypoint the car ever travels? It makes no sense, the data retained would be enormous. The linked to article shows four or five data points per second, extrapolate that over the life of the vehicle and you quickly realize it's impossible.
I think what the system retains are what it considers "important" datapoints, like impacts, when warnings are made to the driver, and when errors are detected. It also makes sen
Re: (Score:2)
That does make a lot more sense.
Re: (Score:2)
A nonsensical, impossible claim - do you really claim the flash memory in the car stores *every* waypoint the car ever travels? It makes no sense, the data retained would be enormous. The linked to article shows four or five data points per second, extrapolate that over the life of the vehicle and you quickly realize it's impossible.
No, that's quite feasible. Assume double precision floating point for latitude and longitude, plus a 64 bit timestamp. 192 bit * 5/s * 10 years comes out to a WHOPPING... 35 GB.
You can log location essentially indefinitely, without using any compression, and without bothering to stop when the car isn't moving, and you never even need to overwrite anything. The most expensive part of the required storage will be getting it certified for automotive ambient temperature.
Re: (Score:2)
Re: That's not an old car (Score:2)
Re: (Score:2)
The only data storage my car uses is a cassette player
And the cassettes periodically auto-wipe themselves. :-)
Re: (Score:2)
The qualifier for "classic car" is around 25 years. This includes cars made at the turn of the millennium now which generally means fairly modern ones are "old cars" now.
Even 10 year old cars are fairly modern - may not be connected, but still often have a "black box" of data.
Things like an airbag controller have access to the entire wealth of car telemetry and all store the last few seconds of that data i
Cars need a reset/transfer option (Score:3)
Even 10 year old cars are fairly modern - may not be connected, but still often have a "black box" of data.
Like our mobile devices and computers, cars need a reset/transfer option.
Encryption (Score:5, Interesting)
I hate how it is always presented like lack of encryption is a bad thing. In many cases it is not. Someone has to have physical control to get to that data. Physical control is the first piece of security. Encryption in many cases after that protects NOTHING from the owners perspective. Encryption after that fact, other than the end to end communications are almost always used AGAINST the owner. Metrics and information that the owner never gets a chance to explicitly deny. I agree with encrypted communications and even encryption at rest, but things like pinned certificates and other aspects of encryption do absolutely nothing but allow manufacturers to weaponize things against the owner. Being blocked out is the first step, but after that comes data mining. Then after that comes artificially crippled features so those features can be sold back to you piecemill. Fuck that and them. Every connected thing should be forced by the government to have features at the bare minimum that allow the owner to see data streams and control what goes where. Zero trust is the gold standard in security and the fact that owners are not allowed to lock out the manufacturer from EV's and other cars is patently ridiculous. These things are connected to the grid a large portion of the time for God's sake. Government needs to step in and enforce that all connected things have a root level firewall that allows the OWNER to control the security and where the data goes and the ability to inspect encrypted traffic to see if they approve of it leaving the vehicle or the connected thing.
Re: (Score:2)
Someone has to have physical control to get to that data.
This is your assumption. Most modern cars, including BYD, are connected.
Re: (Score:2)
The real problem is "connected", not un-encrypted.
Connected includes diagnostic ports (Score:2)
Most modern cars, including BYD, are connected.=
I'd say that connected is not exclusively wifi/cellular. Wired connections count too, and many non-modern cars have wired connection via diagnostic ports and logging data is available from these ports. Matter of fact those "classic cars" are about to start including early versions of such diagnostic ports? Or have they already?
Re: (Score:2)
You make it seem like that's hard.
It's not hard - junkyards are common. After an accident, custody of the car may no longer be yours - between law enforcement and your insurance company, they may have legal possession of the physical vehicle.
Often times a lot of that data can be extracted without dismantling the car - the OBD II port often lets you get at the data.
All cars with ABS, for example, will have the last few seconds of the car telemetry (spee
Tampering with evidence? (Score:2)
After an accident, custody of the car may no longer be yours - between law enforcement and your insurance company, they may have legal possession of the physical vehicle.
I would not be surprised if in some circumstances wiping any data/logs might be considered tampering with evidence.
Re: (Score:2)
" Physical control is the first piece of security."
-1, true but useless.
It is infeasible to maintain physical possession for any piece of technology throughout the entire lifetime. There isn't even a single entity that create from raw materials, maintain during use, and destroy back to raw materials any piece of technology.
Is your car in the room with you at all times? Of course not. You are insisting on a irrational condition for people to deserve security.
Technobabble (Score:5, Funny)
You know that when the article has more techobabble than a TNG episode and more acronyms than the US Military, it's some high quality journalism.
"Hackermanz extracted the positronic matrix unit (PMU), based on a quantum chip by Quanticorp, and extracted the Linux-based filesystem [wtf is a 'linux-based filesystem'???] from the Romulan control package (RCP) which contained DTRD based tachyon storage"
Re: (Score:2)
Thank heavens it didn't require they decouple the phase inducer array or reverse polarization of the warp field matrix!
Re: Technobabble (Score:2)
That would have required uncoupling the heisenberg compensators.
Other brands (Score:2)
Would like to see the data on that claim. BYD (and other Chinese automakers) are notorious for selling data collection platforms. American automakers aren't much better in terms of what insurance companies have been able to scrape from drivers (often with direct support from the manufacturer). But it would still be good to see a breakdown of what each brand logs as well as what it transmitted to where during the lifetime of the vehicle.
Re: (Score:2)
Would like to see the data on that claim. BYD (and other Chinese automakers) are notorious for selling data collection platforms. American automakers aren't much better in terms of what insurance companies have been able to scrape from drivers (often with direct support from the manufacturer). But it would still be good to see a breakdown of what each brand logs as well as what it transmitted to where during the lifetime of the vehicle.
This is Europe, so selling that data can get you in deep economic trouble. Same if a company buys it for use in Europe.... Chinese intelligence are surely siphoning the data, though, but I doubt they're selling it.
Re: (Score:2)
The American auto companies are much more scary then the Chinese ones. It is America who keeps starting wars, threatening to annex various countries and waging economic war on friendly countries. It is also American companies that have the profit motive to sell all the data they can and likely will happily sell to the Chinese government as well as other governments.
Seems odd (Score:2)
Why would you dedicate any storage to permanent GPS logs in a car? The way to monetize that data is to actually have it, which means periodically sending it back to the company's servers.
Car manufacturers will often make choices to save fractions of a cent per car, so why would you have them put any more storage capacity in them than the bare minimum?
Re: (Score:2)
"Why would you dedicate any storage to permanent GPS logs in a car?"
a) You chose an off-the-shelf component for cost that happened to have non-volatile memory.
b) Given that the component already had non-volatile memory, it was convenient to use.
c) There were no repercussions from not clearing that memory, so you put no effort into doing so.
Re: (Score:2)
Because you log basically everything, in a reasonably efficient compressed format, in a circular buffer as large as you can afford, in case its useful to figure out WTF happened when a car comes into the shop with some problem. Or figure out which features almost nobody uses so you might remove them in the next iteration. Or figure out what parts wear out too quickly or too slowly, etc.
Better to log it and not need it, than to need it and not have logged it.
Not just GPS (Score:5, Interesting)
Great car, good deal.
I know the original owners address, where he worked, the places he frequented, his kids house, etc, etc.
All stored in the nav memory.
No GPS logs, just the places he purposely stored.
People...purge your stuff before selling!
Re:Not just GPS (Score:5, Insightful)
If cars are basically just phones now, they should at least provide a factory reset button!
Re: (Score:2)
They do, or at least a way to delete all that from the info system. You just have to actually read the manual or go look for the settings. The person selling it has to remember about it and care enough to do so.
Evey rental car I've been in has had other people's data in it. The info was gone when I returned it.
Pretty when laid out. (Score:2)
Six liquor stores around my home show a decade of hub and spoke activity. Best to omit the butcher that made my favorite beef jerky... that screws up the symmetry.
Fear mongering (Score:1)
What a joke. This kind of "reporting" is why I only land on /. once a month at most these days. Combined with that garbage Zip piece, im convinced that I've completely wasted my morning.
Thanks?
Re:Fear mongering (Score:4, Insightful)
Slashdot is a place for nerds to argue about stories that somehow make it to the front page through a) the storm of shit which is submitted and b) the process of piquing the interest of the editors. It is a waste of time by definition, my friend, and it always has been. We don't come here to be constructive.
Flocks makes that data avaialable online (Score:2)