The Equifax hack could be worse than we thought

In its original announcement of the hack, the company had revealed that some driver’s license numbers were exposed. The new documents show that the license state and issue date might have also been compromised.

Equifax spokesperson Meredith Griffanti told CNNMoney Friday that the original list of vulnerable personal information was never intended to represent the full list of potentiality exposed information.

The new documents now raise questions of how much information hackers may have accessed in Equifax’s cyberattack.

Source: The Equifax hack could be worse than we thought – Feb. 9, 2018

Wish you could log into someone’s Netgear box without a password? Summon a &genie=1 – get patching!

Some 17 Netgear routers have a remote authentication bypass, meaning malware or miscreants on your network, or able to reach the device’s web-based configuration interface from the internet, can gain control without having to provide a password. Just stick &genie=1 in the URL, and bingo.

That’s pretty bad news for any vulnerable gateways with remote configuration access enabled, as anyone on the internet can exploit the cockup to take over the router, change its DNS settings, redirect browsers to malicious sites, and so on.

Another 17 Netgear routers – with some crossover with the above issue – have a similar bug, in that the genie_restoring.cgi script, provided by the box’s built-in web server, can be abused to extract files and passwords from its filesystem in flash storage – it can even be used to pull files from USB sticks plugged into the router.

Other models have less severe problems that still need patching just in case. For example, after pressing the Wi-Fi Protected Setup button, six of Netgear’s routers open up a two-minute window during which an attacker can potentially execute arbitrary code on the router as root over the air.

Source: Wish you could log into someone’s Netgear box without a password? Summon a &genie=1 • The Register

Robot learns to mimic simple human motions

Researchers from the University of California, Berkeley, in the USA, have made some progress on this front by teaching code controlling a robot arm and hand to perform three tasks: grabbing an object and placing it in a specific position; pushing an object; and pushing and pulling an object after seeing the same action performed by a human arm.

Think picking up stuff, such as a toy, and placing it on a box, pushing a little car along a table, and so on.

The technique, described in a paper out this week, has been dubbed “one-shot imitation.” And, yes, it requires a lot of training before it can start copycatting people on demand. The idea is to educate the code to the point where it can immediately recognize movements, or similar movements, from its training, and replay them.

A few thousand videos depicting a human arm and a robot arm completing movements and actions are used to prime the control software. The same actions are repeated using different backgrounds, lighting effects, objects, and human arms to increase the depth of the machine-learning model’s awareness of how the limbs generally operate, and thus increase the chances of the robot successfully imitating a person on the fly.

Source: Is that you, T-1000? No, just a lil robot that can mimic humans on sight • The Register

SpaceX Roadster skips Mars, steers to asteroids, central core booster explodes

During a press conference after liftoff, Musk said it was dicey whether the second stage would power up at all. The fuel could have frozen, the oxygen boiled off, or the avionics failed, as the rocket spent more than five hours in our planet’s high-radiation Van Allen belts before firing up.

Usually spacecraft punch through the belts as quickly as possible to minimize the risk of damage. After hours of charged particles bombarding the podule, it still worked just fine. Ish. Maybe it was performing a touching tribute to Tesla’s autopilot software.

The payload was supposed to get into an orbit around the Sun, and skim Mars. Instead, the car will whiz past the Red Planet by a much larger margin than expected and zoom off out toward the asteroid belt. T
Musk explained what went wrong with the attempted landing of the Falcon Heavy’s central core. The booster was trying to land on the floating autonomous barge Of Course I Still Love You when it suffered a “rapid, unscheduled disassembly,” to use SpaceX’s term for crashed and burned.

According to Musk, the booster had enough main fuel to make the landing, but it ran out of the triethylaluminum and triethylborane (TEA-TEB) fuel that is used to reignite the rocket engines, which are needed to control the rate of descent. Its central motor lit up, but the two other engines didn’t.

The result was that the booster came down too fast and off target. It hit the Atlantic ocean at about 300 MPH 100 metres from the barge, and disintegrated, damaging two of the sea vessel’s four thrusters, which are used to keep the ship in position.

Source: What did we say about Tesla’s self-driving tech? SpaceX Roadster skips Mars, steers to asteroids • The Register

Typical Tesla!

The House That Spied on Me: living in a smart home

In December, I converted my one-bedroom apartment in San Francisco into a “smart home.” I connected as many of my appliances and belongings as I could to the internet: an Amazon Echo, my lights, my coffee maker, my baby monitor, my kid’s toys, my vacuum, my TV, my toothbrush, a photo frame, a sex toy, and even my bed.

Source: The House That Spied on Me

It’s a good story on the privacy and especially the practicality of living in a smart home.

I recognise quite a lot in that much of it is quite a bit of hassle, especially trying to get it working the way you want it to!

Cheddar Man: Britains’ first men were black. And so were Europes’.

New research into ancient DNA extracted from the skeleton has helped scientists to build a portrait of Cheddar Man and his life in Mesolithic Britain.The biggest surprise, perhaps, is that some of the earliest modern human inhabitants of Britain may not have looked the way you might expect.Dr Tom Booth is a postdoctoral researcher working closely with the Museum’s human remains collection to investigate human adaptation to changing environments.’Until recently it was always assumed that humans quickly adapted to have paler skin after entering Europe about 45,000 years ago,’ says Tom. ‘Pale skin is better at absorbing UV light and helps humans avoid vitamin D deficiency in climates with less sunlight.’However, Cheddar Man has the genetic markers of skin pigmentation usually associated with sub-Saharan Africa.This discovery is consistent with a number of other Mesolithic human remains discovered throughout Europe.

Source: Cheddar Man: Mesolithic Britain’s blue-eyed boy | Natural History Museum

PinMe: Tracking a Smartphone User around the World with GPS and WiFi off

We describe PinMe, a novel user-location mechanism that exploits non-sensory/sensory data stored on the smartphone, e.g., the environment’s air pressure, along with publicly-available auxiliary information, e.g., elevation maps, to estimate the user’s location when all location services, e.g., GPS, are turned off.

Source: [1802.01468] PinMe: Tracking a Smartphone User around the World

The gender pay gap at Uber is small and has a reason

Specifically, the study stated, drivers who make runs for Uber more frequently are more likely to know where and when to operate in order to get the highest-paying fares.

Thus, because women, on average, spend less time driving for Uber than their male counterparts, they are less likely to be around to grab the highest-paying fares.

“Men’s willingness to supply more hours per week (enabling them to earn more) and to target the most profitable locations shows that women continue to pay a cost for working reduced hours each week, even with no convexity in the hours-earning schedule,” the research team stated.

The study, which was based on data collected from 1,877,252 drivers operating in America from January 2015 to March 2017, examined factors including average hours worked per week, money earned over the whole week, and money earned per hour.
Overall, the gang concluded that those who drove an Uber car more often were able to make more per trip, and because on average the men surveyed drove 50 per cent more often, they were able to get on average $21.28 (£15.23) per hour compared to $20.04 (£14.35) logged by their female counterparts.

With more time driving, we’re told, comes a better idea of when and where the best fares are to be expected.
“A driver with more than 2,500 lifetime trips completed earns 14 per cent more per hour than a driver who has completed fewer than 100 trips in her time on the platform, in part because she learns where to drive, when to drive, and how to strategically cancel and accept trips.”

At least one other factor was cited in the gap: speed.

The study found that while driving for Uber, men tended to drive around 2.2 per cent faster than women. This meant that, over the long haul, they were able to rack up a few extra trips and make a bit more money.

“Increasing speed increases expected driver earnings in almost all Uber settings,” the research team concluded.

Source: Uber: Ah yeah, we pay women drivers less than men. We can explain!

Bug in Grammarly browser extension exposes virtually everything a user ever writes

The Grammarly browser extension, which has about 22 million users, exposes its authentication tokens to all websites, allowing any to access all the user’s data without permission, according to a bug report from Google Project Zero’s Tavis Ormandy.

The high-severity bug was discovered on Friday and fixed early Monday morning, “a really impressive response time,” Ormandy wrote.

Grammarly, launched in 2009 by Ukrainian developers, looks at all messages, documents and social media posts and attempts to clean up errors so the user is left with the clearest English possible. The browser extension has access to virtually everything a user types, and therefore an attacker could access a huge trove of private data.

Exploitation is as simple as a couple of console commands granting full access to everything, as Ormandy explained. The company has no evidence that the vulnerability was exploited.

The vulnerability affected Chrome and Firefox. Updates are now available for both browsers.

Source: Bug in Grammarly browser extension exposes virtually everything a user ever writes

Japan successfully launches world’s smallest satellite-carrying rocket

KAGOSHIMA – Japan successfully launched on Saturday the world’s smallest satellite-carrying rocket following a failed attempt in January last year, the nation’s space agency said.

The rocket about the size of a utility pole, measuring 10 meters in length and 50 centimeters in diameter, lifted off from the Uchinoura Space Center in Kagoshima Prefecture and delivered its payload to its intended orbit, according to the Japan Aerospace Exploration Agency.

The No. 5 vehicle of the SS-520 series carried a microsatellite weighing about 3 kilograms developed by the University of Tokyo to collect imagery of the Earth’s surface.

The launch was aimed at verifying JAXA’s technology used to launch small rockets made with commercially available components at lower cost amid growing global demand for microsatellites. The agency used components found in home electronics and smartphones for the rocket.

JAXA launched the No. 4 vehicle on Jan. 15 last year, but terminated its flight shortly after liftoff due to a communications problem. The agency found that vibrations during liftoff caused a short circuit, leading to a loss of power in the data transmitter.

For Saturday’s launch, the agency made more than 40 improvements to prevent a recurrence.

Source: Japan successfully launches world’s smallest satellite-carrying rocket | The Japan Times

Exoplanets from another galaxy spotted

The Kepler Space Telescope has found oodles of exoplants, but now astroboffins have spotted the first exoplanets outside our galaxy.

A group of astroboffins from the University of Oklahoma has become the first to demonstrate exoplanet observations in another galaxy – one that’s 3.8 billion light years away, or one-third of the distance across the observable universe.

The discovery by a team led by professor Xinyu Dai and postdoc Eduardo Guerras, found the planets’ signatures in the spectrum of a gravitationally-microlensed galaxy behind the black hole quasar RXJ 1131−1231.

Gravitational microlensing refers to the phenomenon, predicted by Einstein, that gravity can bend light, resulting in an apparent magnification if the bodies are aligned the right way (from the point of view of the observer).

As the university explains, they believe the planets range in estimated mass from about the size of the moon, through to Jupiter-sized.

Their paper, published in Astrophysical Journal Letters and available here at the arXiv pre-print service, explains that the unbound planets they saw caused “Fe Kα line energy shifts” in the spectrum of RXJ 1131−1231.

They found the line shifts in Chandra X-ray Observatory images of the quasar, and in the paper said what they observed “has never been observed in a non-lensed AGN” [active galactic nucleus – El Reg].

The paper also explains that the researchers focussed on unbounded planets – that is, planets wandering around their galaxies rather than being part of a solar system – because planets orbiting stars don’t show up separately from their hosts.

There are around 2,000 moon-to-Jupiter sized planets for each main sequence star in their observations, the researchers wrote, which equates to trillions of stars per galaxy.

Source: Exoplanets from another galaxy spotted – take that, Kepler fatigue! • The Register

Intel’s new Vaunt smart glasses actually look good

There is no camera to creep people out, no button to push, no gesture area to swipe, no glowing LCD screen, no weird arm floating in front of the lens, no speaker, and no microphone (for now).

From the outside, the Vaunt glasses look just like eyeglasses. When you’re wearing them, you see a stream of information on what looks like a screen — but it’s actually being projected onto your retina.

The prototypes I wore in December also felt virtually indistinguishable from regular glasses. They come in several styles, work with prescriptions, and can be worn comfortably all day. Apart from a tiny red glimmer that’s occasionally visible on the right lens, people around you might not even know you’re wearing smart glasses.

Like Google Glass did five years ago, Vaunt will launch an “early access program” for developers later this year. But Intel’s goals are different than Google’s. Instead of trying to convince us we could change our lives for a head-worn display, Intel is trying to change the head-worn display to fit our lives.

Source: Exclusive: Intel’s new Vaunt smart glasses actually look good – The Verge

Can’t login to Skype? You’re not alone. Chat app’s been a bit crap for five days now

A bunch of Skype users are unhappy that they’re been unable to sign into the VoIP service for several days.The yakkity-yak app has fallen flat since January 24, leaving a number of punters with two-factor authentication enabled unable to get back into the software after signing out.”Skype users who are signed in are not affected,” Reg reader C. F. Heyns told us today. “Anyone signing out has almost no chance of getting back in.”

Source: Can’t login to Skype? You’re not alone. Chat app’s been a bit crap for five days now • The Register

Crooks make US ATMs spew million-plus bucks in ‘jackpotting’ hacks

ash machines in the US are being hacked to spew hundreds of dollar bills – a type of theft dubbed “jackpotting” because the ATMs look like slot machines paying out winnings.A gang of miscreants have managed to steal more than $1m from ATMs using this attack, according to a senior US Secret Service official speaking to Reuters on Monday.Typically, crooks inject malware into an ATM to make it rapidly dole out large sums of money that doesn’t belong to the thieves. Anyone aware of the work by security researcher Barnaby Jack – who almost 10 years ago revealed various ways to force cash machines to cough up cash on demand – will know of jackpotting.


Since 2013, if not earlier, Ploutus has been a favorite of Mexican banditos raiding cash machines, as previous Reg stories document. Viewed from this perspective, the main surprise today is that it’s taken so long for the scam to surface north of the border, moving from Mexico to the United States.

To get Ploutus into an ATM, the crooks have to gain physical access to the box’s internals to swap its computer hard drive for an infected one. Once the disk is in place and the ATM rebooted, the villains have full control over the device, allowing them to order it to dispense the contents of its cartridges of dollar bills.

Source: Crooks make US ATMs spew million-plus bucks in ‘jackpotting’ hacks • The Register

Maybe you should’ve stuck with NetWare: Hijackers can bypass Active Directory controls

“The idea of a rogue domain controller is not new and has been mentioned multiple times in previous security publications but required invasive techniques (like installing a virtual machine with Windows Server) and to log on a regular domain controller (DC) to promote the VM into a DC for the targeted domain.”That’s easily spotted, so Delsalle wrote that the attack described by Delpy and Le Toux has to “modify the targeted AD infrastructure database to authorise the rogue server to be part of the replication process.”

Source: Maybe you should’ve stuck with NetWare: Hijackers can bypass Active Directory controls • The Register mass data slurping ruled illegal – AGAIN

In a judgment handed down this morning, judges backed a challenge brought by deputy Labour leader Tom Watson in a long-running battle against state surveillance rules.These laws allow for ISPs and telcos to retain communications data for up to a year and for public authorities to get access to this information. But campaigners have argued it fails to properly restrict this retention and access.Today’s ruling refers to the Data Retention and Investigatory Powers Act, which expired at the end of 2016, but will have significant implications for its successor, the Investigatory Powers Act.The so-called Snoopers’ Charter was already under pressure following a landmark 2016 ruling from the Court of Justice of the European Union, and today’s judgment adds weight to this.In the document, the judges also note: “As [Ben] Jaffey QC, on behalf of the first respondent, pointed out in the course of his oral submissions, that the fact that DRIPA has been repealed does not make this a pointless exercise”.Their ruling was that DRIPA “was inconsistent with EU law” because it did not limit access to retained communications data solely to the purpose of fighting serious crime.It also broke the law because police forces and public authorities could themselves grant access to retained data – rather than access being subject to prior review by a court or an independent administrative authority.

Source: mass data slurping ruled illegal – AGAIN • The Register

Especially the last bit: rather than access being subject to prior review by a court or an independent administrative authority.

Come on! How hard is it to ask a judge after proving some sort of probable cause? It’s investigation that gets the bad guys. Not being a police state.

AutoSploit searches shodan for weak machines and metasploit to hack them for you the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the API. The program allows the user to enter their platform specific search query such as; Apache, IIS, etc, upon which a list of candidates will be retrieved.

After this operation has been completed the ‘Exploit’ component of the program will go about the business of attempting to exploit these targets by running a series of Metasploit modules against them. Which Metasploit modules will be employed in this manner is determined by programatically comparing the name of the module to the initial search query. However, I have added functionality to run all available modules against the targets in a ‘Hail Mary’ type of attack as well.

The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured through the dialog that comes up before the ‘Exploit’ component is started.

Stupid Truck Driver Drove Right Over the Nazca Lines

Argentine newspaper Clarín reports that the driver said he didn’t know the area because he had never traveled there before and that he left the road because of a mechanical problem. The newspaper speculated that the driver actually drove off the Pan-American Highway to avoid paying a toll.

Flores Vigo left tire tracks in a football field-sized area of the geoglyphs, damaging three of them. Peruvian authorities released him, as they didn’t have evidence that he’d done it intentionally.
Artists from pre-Hispanic Peruvian societies between 500BC and 500AD created the massive drawings by removing the top layer of darker rock to reveal the lighter earth below, according to UNESCO. The dry desert environment has allowed the markings to remain for 2,000 years.

This isn’t the first time stupidity has led to someone damaging the lines. Greenpeace performed a stunt back in 2014 in which they laid large pieces of yellow cloth on the lines. I ignore Greenpeace canvassers on the street to this day, for this reason.

Source: Stupid Truck Driver Drove Right Over the Nazca Lines

Japanese cryptocurrency exchange loses more than $500 million to hackers

Coincheck said that around 523 million of the exchange’s NEM coins were sent to another account around 3 a.m. local time (1 p.m. ET Thursday), according to a Google translation of a Japanese transcript of the Friday press conference from Logmi. The exchange has about 6 percent of yen-bitcoin trading, ranking fourth by market share on CryptoCompare.

The stolen NEM coins were worth about 58 billion yen at the time of detection, or roughly $534.8 million, according to the exchange. Coincheck subsequently restricted withdrawals of all currencies, including yen, and trading of cryptocurrencies other than bitcoin.

Bloomberg first reported the hack. A CNBC email sent to Coincheck’s listed address bounced back.

Cryptocurrency NEM, which intends to help businesses handle data digitally, briefly fell more than 20 percent Friday before recovering to trade about 10 percent lower near 85 cents, according to CoinMarketCap. Most other major digital currencies, including bitcoin, traded little changed on the day.

Source: Japanese cryptocurrency exchange loses more than $500 million to hackers

Lenovo Fingerprint Manager Pro for Windows has a hardcoded password

A vulnerability has been identified in Lenovo Fingerprint Manager Pro. Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in.

Source: Lenovo Fingerprint Manager Pro for Windows 7, 8, and 8.1 only (not 10) Insecure Credential Storage

Heat Map Released by Fitness Tracker Reveals Location of Secret Military Bases

Strava which markets itself as a “social-networking app for athletes” publicly made available the global heat map, showing the location of all the rides, runs, swims, and downhills taken by its users, as collected by their smartphones and wearable devices like Fitbit.

Since Strava has been designed to track users’ routes and locations, IUCA analyst Nathan Ruser revealed that the app might have unintentionally mapped out the location of some of the military forces around the world, especially some secret ones from the United States.

With a total of one billion activities logged on the Strava’s activity map, it is a whole lot of useful data from all over the world.

Although Strava’s publicly available activity map was live as of November 2017, Ruser recently noticed that the map includes the fitness routes of army soldiers and agents in secret base locations, including U.S. military bases in Afghanistan and Syria, a suspected CIA base in Somalia and even Area 51.

Source: Heat Map Released by Fitness Tracker Reveals Location of Secret Military Bases

NASA’s Long Dead (since 2007) ‘IMAGE’ Satellite is Alive! – how satellite hunters go to work.

Over the past week the station has been dedicated to an S-band scan looking for new targets and refreshing the frequency list, triggered by the recent launch of the mysterious ZUMA mission. This tends to be a semi-annual activity as it can eat up a lot of observing resources even with much of the data gathering automated the data reviewing is tedious.

Upon reviewing the data from January 20, 2018, I noticed a curve consistent with an satellite in High Earth Orbit (HEO) on 2275.905MHz, darn not ZUMA… This is not uncommon during these searches. So I set to work to identify the source.

A quick identity scan using ‘strf’ (sat tools rf) revealed the signal to come from 2000-017A, 26113, called IMAGE.
So what was IMAGE? I did a little Googling and discovered that it had been ‘Lost in Space’ since December 18, 2005 after just dropping off the grid suddenly. The mission was designed to image the magnetosphere, more details about that can be found in the press kit.

NASA considered the spacecraft a total loss due to a design flaw that manifested while the spacecraft was in its extended mission. The NASA failure review did however conclude that it was possible for the spacecraft to be revived by permitting a ‘Transponder SSPC reset’ after it passed through eclipse in 2007. One must assume that didn’t occur in 2007 and they gave up.
Periodically the spacecraft will enter an eclipse and NASA surmised that this may trigger it to restart and apply power back to the communications system. That appears to have happened! As you will note from the plots below the Sun angles are presently good for IMAGE and it may just stay operational for some time to come.

Source: NASA’s Long Dead ‘IMAGE’ Satellite is Alive! – Riddles in the Sky

Dutch agencies provide crucial intel about Russia’s interference in US-elections, US burns the Dutch source

The Cozy Bear hackers are in a space in a university building near the Red Square. The group’s composition varies, usually about ten people are active. The entrance is in a curved hallway. A security camera records who enters and who exits the room. The AIVD hackers manage to gain access to that camera. Not only can the intelligence service now see what the Russians are doing, they can also see who’s doing it. Pictures are taken of every visitor. In Zoetermeer, these pictures are analyzed and compared to known Russian spies.

The Dutch access to the Russian hackers’ network soon pays off. In November, the Russians prepare for an attack on one of their prime targets: the American State Department. By now, they’ve obtained e-mail addresses and the login credentials of several civil servants. They manage to enter the non-classified part of the computer network.

The AIVD and her military counterpart MIVD inform the NSA-liaison at the American embassy in The Hague. He immediately alerts the different American intelligence services.

What follows is a rare battle between the attackers, who are attempting to further infiltrate the State Department, and its defenders, FBI and NSA teams – with clues and intelligence provided by the Dutch. This battle lasts 24 hours, according to American media.

The Russians are extremely aggressive but do not know they’re being spied on. Thanks to the Dutch spies, the NSA and FBI are able to counter the enemy with enormous speed. The Dutch intel is so crucial that the NSA opens a direct line with Zoetermeer, to get the information to the United States as soon as possible.
President elect Donald Trump categorically refuses to explicitly acknowledge the Russian interference. It would tarnish the gleam of his electoral victory. He has also frequently praised Russia, and president Putin in particular. This is one of the reasons the American intelligence services eagerly leak information: to prove that the Russians did in fact interfere with the elections. And that is why intelligence services have told American media about the amazing access of a ‘western ally’.

This has led to anger in Zoetermeer and The Hague. Some Dutchmen even feel betrayed. It’s absolutely not done to reveal the methods of a friendly intelligence service, especially if you’re benefiting from their intelligence. But no matter how vehemently the heads of the AIVD and MIVD express their displeasure, they don’t feel understood by the Americans. It’s made the AIVD and MIVD a lot more cautious when it comes to sharing intelligence. They’ve become increasingly suspicious since Trump was elected president.

The AIVD hackers are no longer in Cozy Bear’s computer network. The Dutch espionage lasted between 1 and 2,5 years. Hacker groups frequently change their methods and even a different firewall can cut off access.

Source: Dutch agencies provide crucial intel about Russia’s interference in US-elections – Tech – Voor nieuws, achtergronden en columns

Hackers Hijacking CPUs to Mine Cryptocurrency Have Now Invaded YouTube Ads

As Ars Technica first reported on Friday, users on social media started complaining earlier this week that YouTube ads were triggering their anti-virus software. Specifically, the software was recognizing a script from a service called CoinHive. The script was originally released as a sort of altruistic idea that would allow sites to make a little extra income by putting a visitor’s CPU processing power to use by mining a cryptocurrency called Monero. This could be used ethically as long as a site notifies its visitors of what’s happening and doesn’t get so greedy with the CPU usage that it crashes a visitor’s computer. In the case of YouTube’s ads running the script, they were reportedly using up to 80 percent of the CPU and neither YouTube nor the user were told what was happening.

Source: Hackers Hijacking CPUs to Mine Cryptocurrency Have Now Invaded YouTube Ads

Thanks to “consent” buried deep in sales agreements, car manufacturers are tracking tens of millions of US and EU cars

Millions of new cars sold in the US and Europe are “connected,” having some mechanism for exchanging data with their manufacturers after the cars are sold; these cars stream or batch-upload location data and other telemetry to their manufacturers, who argue that they are allowed to do virtually anything they want with this data, thanks to the “explicit consent” of the car owners — who signed a lengthy contract at purchase time that contained a vague and misleading clause deep in its fine-print.

Car manufacturers are mostly warehousing this data (leaving it vulnerable to leaks and breaches, search-warrants, government hacking and unethical employee snooping), and can’t articulate why they’re saving it or how they use it.

Much of this data ends up in “marketplaces” where data-sets from multiple auto-makers are merged, made uniform, and given identifiers that allow them to be cross-referenced with the massive corporate data-sets that already exist, and then offered on the open market to any bidder.

Source: Thanks to “consent” buried deep in sales agreements, car manufacturers are tracking tens of millions of US cars / Boing Boing

Skip to toolbar