"It is important to note that the exposed details do not constitute personally identifiable information, so it wouldn't be possible to use this data leak to track individuals unless the attacker knew the VIN (vehicle identification number) of their target's car."
Am I dumb or are they? If you know someone's home address, then all you need is a geo lookup, and a filter which selects for cars parked near that address at 3AM over some time period. Which then gives you the VIN and the entire location history, right? Sure you might get more than one car if the someone lives in a city and uses street parking but it's still going to reduce down to just a handful of cars which can then be cross referenced against place of work, relatives, etc.
And of course home address lookup can be made with any number of public databases with little more than a name and maybe some additional filtering (age, city, phone number, etc).
> it's still going to reduce down to just a handful of cars which can then be cross referenced against place of work, relatives, etc.
You are correct, but I can't imagine why anybody would go to that much trouble for a speculative answer. Your idea requires quite a bit of intelligence collection as well (relatives' addresses, addresses of known hangouts, etc. that you have to vet for accuracy).
If you have a confirmed home or work address, just go to their home or work and take a picture of the target VIN through the windshield.
Okay, massive tangent, but it's been bugging me for a while and this has finally tipped me over the edge - why is it called personally identifiable information? That would be information that someone can personally identify surely? Shouldn't it be personally identifying information?
Yes, all location tracking data is personally identifiable.
Given any dataset like this it is trivial to pick any entry and trace where is home and where is work thus de-anonymizing it. Conversely given any home or work address it's trivial to find all other related entries for the individual.
Definitely agree. If I have a time series of geo location information, which visits point x,y once per day at 5:00pm I can probably conclude they probably live at this location.
Of course it would all be incredibly boring to analyze. We can conclude that people live at a certain location, (dumbly for no good reason) drive to another one 5 times per week and go a few other places.
Sure you might be able to find the odd person that is doing something weird or illegal but if you already know location x1, y1 contains bad guys might as well just go there and arrest them instead of creepily analyzing data that you know you shouldn’t have.
Yes people can finally see if their spouse was cheating. Or learn when a target is typically not at home. Or what church they go to. You are not dumb. The statement in the article is dumb however.
If you commute from home to a job I think even with somewhat coarse information it’s easy to figure out who you are. The NYT did a story like this based on advertiser data.
All car shrink-wrap licenses that I have looked at are similar. That's why I think it is funny when people freak out about Android Automotive. The Android Automotive terms are much, much better for customer privacy.
The EULA for my Honda says that Honda can and will share all available data with itself and third parties, named and unnamed, for any or no reason.
This is an absolutely unbelievable level of privacy intrusion IMO. I 100% support very heavily fining this sort of behavior, otherwise it will continue to proliferate.
I've purchased a few Toyota models, with the first having the connect service being a 2014 model. The sales rep asked for my phone so they could download the app that works with their system. The manner in which it was asked was interesting to me in that they clearly had not had someone so much as flinch as to giving them their unlocked phone and access to an app store. Maybe I was the first person not a grandparent they had worked with, but they obviously were not handed my unlocked phone. Since it was my first car with a connected system, I tried it out but was very unhappy with it. Their GPS required you to use your phone to enter a location and provide GPS. The in car system was basically just a screen for the services your device provided. The next time I purchased a car, I never even connected a phone to it.
if you own a car from 2008 or newer the government essentially mandates it to be a privacy nightmare. If you care about privacy don't buy a modern car. Throw in the Vault 7 CIA leaks about how they explicitly had programs to research how they could hack modern cars remotely
you have to wonder how many vehicle 0-days nation state actors have saved up for when they need them, even just displaying the ability would grind the country to a halt because people would be afraid to even drive
> This Privacy Notice DOES NOT apply to:
>[...]
> Any Toyota vehicles equipped with Connected Services located outside of the continental United States, Alaska and Hawaii.
If companies want to collect such personal data it should not be by default, and each clause should have to be independently validated by the customer including what data, how it's used, where stored, for how long, who it's shared with.
Nobody will accept basically so that says something about the asymmetry here.
The privacy policy looks really reasonable and mostly only collecting the data that it needs to provide the services. And the most cloud-based / privacy concerning stuff (e.g. external video capture, and usage-based auto insurance) is listed as opt-in.
Owners may want to disable this in hardware rather than relying on a sketchy opt-out mechanism. The relevant part is the "data communications module". It has an LTE modem and a backup battery, so it's able to transmit even if the car battery is disconnected. It requires a little bit of dashboard disassembly to access. You can either remove it or disconnect the LTE and GPS antennas. Toyota has technical documents available for $25 at https://techinfo.toyota.com.
It would be great if there was some website that collected all the detailed instructions for removing the spy devices from different car models.
do you know if there are easy equivalents for other car brands? when I bought my new car in 2019 I also wanted to disable any built in GPS/Data connection but it was hard to find any instruction if nobody else had done it or documented it yet. subaru if you happen to know!
edit:
hah, should have just googled it first. looks like people are trying it out more now
> It is important to note that the exposed details do not constitute personally identifiable information, so it wouldn't be possible to use this data leak to track individuals
The data included timestamped GPS data, which has been demonstrated to be easy to de-anonymize.
Yeah, companies seem to think that "personally identifiable information" is basically just your name. That's clearly wrong because GPS data and VIN make it extremely straightforward to figure out who a car owner is.
As far as I'm concerned, this is PII. That statement is a bald-faced lie and a state AG should bring charges over this - it's extraordinarily irresponsible for Toyota to collect this data and then leak it for TEN YEARS.
It is clear that automakers are utterly failing at technology.
In-vehicle control systems are typically garbage.
Several hacks have been shown where vehicle data is exposed over cellular links, in some cases with remote attackers being able to actually control elements of the vehicle (eg: Jeep).
Software updates are rare, with manufacturers often trying to charge exorbitant amounts for basic updates.
Data breaches of various customer data, credentials, PII, etc. are repeated.
IMO we are at the point where in-vehicle technology is a thing that is never going away. Auto manufacturers need to become bona-fide software developers and take development, QA, cyber security, etc. far more seriously than they have so far.
So I don't work in automotive domain, but I work in Controls Engineering. Basically everything you just said relates to my work as well, and based on tidbits of anecdotal info I've picked up through various technical forums it sounds like automotive & controls are quite similar in that regard.
The dirty truth is often times these domains were designed and chiefly operated by non-software people. Not to say a mechanical engineer or electrical engineer can't program, it's just that their focus is on their work, and the software is but a tool to accomplish those means. So the world of software has leapfrogged over PLC and automotive design and gone to run laps around it several times since the 90s. It's only in say the last 5 years or so that I've seen a cultural shift in controls towards embracing the modern realities of software, networking, security, version control, databases, etc.etc.etc.
I'm not going to go too much further into this, but this is why Software Engineering as a regulated profession is going to be a necessity as much as civil engineering or electrical engineering has been. The digital world is just too vast and complex now with so many pitfalls for those who only ride the edges can handle. And people's lives are starting to matter. It is no longer safe to treat security as secondary with an "oopsy" anymore. We don't tolerate bridge collapse or electrical design that can destroy livelihoods, why do we still tolerate hacks governing data and safety of public?
> Auto manufacturers need to become bona-fide software developers and take development, QA, cyber security, etc. far more serious than they have so far.
Follow the money.
Their core business depends on the sale of a manufactured good, software is not the product. Software in Automotive is a cost centre.
They will absolutely contract out to the lowest bidder (coincidently probably the least capable). Cost downs in BOMs/features are trimmed to the cent because they are manufacturing in volume so manufacturing cost per unit is King.
What we define as sane Software best practices™ is a result of an industry where Software or services via software are in fact the product.
Also people won't vote with their wallet because we absolutely post-rationalize features and UX in a car. Most people don't realize or won't admit how reptilian their decision process goes in buying a car it's 80% "do I like the looks of it" and 20% the price tag.
I hope regulators fine the hell out of these companies. Enough to make them think twice about offering these upload everything to the cloud services no one really asks for.
There's some really active community discussions around disabling the Data Collection Module, discussing everything from simply pulling the DCM fuse to disabling only the antenna.
If you pull the DCM fuse, you'll lose the microphone and potentially one of the right-hand speakers - these can be fixed by jumping the wires in/out of the DCM.
What's concerning to me are reports of the car still uploading all the collected data if you attach a cell phone to the radio's bluetooth. Apparently the car just relays all the info.
I kinda want to snoop that data and see what it is, at least collect the encrypted packets... but my car is from 2007 and has no connected features, so...
Unfortunately as far as I can tell it only actually stops after the "remote connect" trial period ends one year after you buy a new vehicle that opts you in automatically. There are probably ways to physically disable the data collection modules for this, if you're comfortable tearing apart your car's dash. https://www.tacomaworld.com/threads/2020-data-transmittal.63...
Does the California CCPA apply here? I've only seen it discussed for websites, but does it work for any company doing business in CA? Wondering if California residents could send a delete request to Toyota (and other companies like Samsung for data gathered by smart tvs).
If a lot of people start regularly sending CCPA delete requests to these companies maybe they will stop gathering this data.
Japanese auto completely missed the memo on software. Many of them won't make the ev transition. It's hard to imagine what Japanese economy is going to be like once their auto industry is gutted.
Dear lord. The fact they even had this much data means I'll never even think about buying a Toyota in future no matter how many grovelling apologies they issue now.
I used to have a Ford. Their app was generally good but I think all you need is the VIN to add a new car. Now you have the ability to track that car, lock the doors, remote start it, and so on.
All second-hand car buyers should get their car's app and activate their car on it to lock out all other sessions - hopefully.
I have an Audi from ~2017. Then, a few years ago, the 3G network was shut down in the US. Can't use the app to unlock the doors or check the car status. I think I prefer it like that. Interestingly, on the center console screen, it shows an LTE connection - must be for something else? Then why isn't the unlock/lock function over LTE? Who knows.
Fact of the matter: at this point if you’re buying anything with telemetry or cloud services, the only safe assumption is that your data may become public at some point in the future, with or without your knowledge.
Just once I'd like to see a company like this sued out of existence. It's not just that they are incompetent with customer data, it's that they essentially forced everyone to give them this info in the first place by default. What if you're an expatriate Chinese dissident? Maybe your ability to hide just got harder.
Does anyone have a guide to modding vehicles to prevent them from collecting data? I would be willing to snip the microphone in the cab and remove the gps receiver if I knew where it was.
Every major privacy disaster that does not lead to dramatic repercussions convinces CEOs (and the shareholders that pay their salaries and bonuses) that the "move fast and break things" strategy is the winning strategy.
The result is that we are no more than five years away (at most) from the surveillance economy getting a terminal stranglehold on society.
You will not be able to buy a car that is not always dialing home, the same way you already cannot buy a mobile that is not always dialing home.
In any case you will not be buying a car. You'll be buying a subscription to a car, renewable annually under certain (small-print) terms of service.
Cars will not work without some insurance conglomerate receiving all information it wants and trading your behavioral data in opaque insurance markets.
Cars could stop working at any point. A digital roadblock is much cheaper and more comprehensive than a physical roadblock.
Taking public transport was never private (it's in the name after all) but this mobility mode too is getting deeply integrated in the surveillance economy: you will only be able to pay for a trip using identifying mobile devices.
The argument is that people "don't care" about the direction things are taking. This is the most evil argument ever advanced.
I hope jailbreaking and disabling this data collection becomes the norm in the future. It is obvious companies do not prioritize the security protecting our data.
It would be nice to know if this was a misconfigured AWS S3 bucket.
My money would be on that.
Companies are still learning this lesson, slowly and at all of our expense.
[+] [-] StillBored|2 years ago|reply
[+] [-] jstarfish|2 years ago|reply
[+] [-] jvanderbot|2 years ago|reply
You can read the VIN of neighbors and significant others pretty easy.
[+] [-] asdfman123|2 years ago|reply
I don't think you're wrong. I wonder what incentive bleepingcomputer has to make it seem not so bad.
[+] [-] hanoz|2 years ago|reply
[+] [-] yoaviram|2 years ago|reply
[+] [-] edejong|2 years ago|reply
[+] [-] unknown|2 years ago|reply
[deleted]
[+] [-] osigurdson|2 years ago|reply
[+] [-] albert_e|2 years ago|reply
[+] [-] JKCalhoun|2 years ago|reply
[+] [-] 14|2 years ago|reply
[+] [-] emodendroket|2 years ago|reply
[+] [-] batch12|2 years ago|reply
[+] [-] thewataccount|2 years ago|reply
Interior images, exterior images, facial geometry, voice recordings, location/driving data, "multimedia screen data",
https://www.toyota.com/privacyvts/
https://web.archive.org/web/20230512182022/https://www.toyot...
[+] [-] jeffbee|2 years ago|reply
[+] [-] short_sells_poo|2 years ago|reply
[+] [-] dylan604|2 years ago|reply
[+] [-] sufehmi|2 years ago|reply
US lawmakers : you suck.
[+] [-] ren_engineer|2 years ago|reply
https://en.wikipedia.org/wiki/Vault_7
[+] [-] ThePowerOfFuet|2 years ago|reply
Ah, so only Americans are getting shafted.
[+] [-] jasmer|2 years ago|reply
[+] [-] unknown|2 years ago|reply
[deleted]
[+] [-] ummonk|2 years ago|reply
[+] [-] beefee|2 years ago|reply
[+] [-] bryceacc|2 years ago|reply
edit: hah, should have just googled it first. looks like people are trying it out more now
https://www.ascentforums.com/threads/disabling-the-starlink-...
[+] [-] froh|2 years ago|reply
https://en.m.wikipedia.org/wiki/ECall
[+] [-] chasd00|2 years ago|reply
[+] [-] spieglt|2 years ago|reply
[+] [-] dapearce|2 years ago|reply
[+] [-] SR2Z|2 years ago|reply
[+] [-] brk|2 years ago|reply
[+] [-] TheCapn|2 years ago|reply
[+] [-] DoingIsLearning|2 years ago|reply
[+] [-] tric|2 years ago|reply
I searched online for how to disable it, and found this question:
https://carkiller.com/scottykilmer/qa/how-to-permanently-dis...
These responses are typical:
"But you're still going to be traceable by your phone."
"...everyone, EVERYONE, on the planet has their information out there. There is no such thing as "off the grid." "
"your phone has sent more than enough info about you to every advertiser on Earth more than the DCM will ever do."
Many people just don't care....
[+] [-] malikNF|2 years ago|reply
[+] [-] eulers_secret|2 years ago|reply
[+] [-] swalling|2 years ago|reply
[+] [-] bit_logic|2 years ago|reply
[+] [-] zyang|2 years ago|reply
[+] [-] FredPret|2 years ago|reply
[+] [-] poly_morphis|2 years ago|reply
[+] [-] mrobins|2 years ago|reply
[+] [-] UberFly|2 years ago|reply
[+] [-] jerry1979|2 years ago|reply
[+] [-] nologic01|2 years ago|reply
[+] [-] Reptur|2 years ago|reply
[+] [-] meghan_rain|2 years ago|reply
[+] [-] discerning_|2 years ago|reply
[+] [-] greenie_beans|2 years ago|reply