Information Security News mailing list archives

Re: Nissan car secretly shares driver data with websites

From: "Cloude \"Freggy\"" <freggy () fastwebnet it>
Date: Tue, 14 Jun 2011 09:29:52 +0200

REMOVE NOW!!!!!!!!!!!!!!!!

----- Original Message -----From: "InfoSec News" <alerts () infosecnews org>

To: <isn () infosecnews org>
Sent: Tuesday, June 14, 2011 9:10 AM
Subject: [ISN] Nissan car secretly shares driver data with websites

http://www.theregister.co.uk/2011/06/13/nissan_leaf_privacy_invasion/

By Dan Goodin
The Register
13th June 2011

Electric cars manufactured by Nissan surreptitiously leak detailed
information about a driver's location, speed and destination to websites
accessed through the vehicle's built in RSS reader, a security blogger has
found.

The Nissan Leaf is a 100-percent electric car that Nissan introduced seven
months ago. Among its many innovations is a GSM cellular connection that
lets drivers share a variety of real-time data about the car, including
its location, driving history, power consumption, and battery reserves.
Carwings, as the service is known, then provides a number of services
designed to support “eco-driving,” such as break downs of the vehicle's
energy efficiency based on comparisons with other owners.

But according to Seattle-based blogger Casey Halverson, Carwings includes
the detailed data in all web requests the Nissan Leaf sends to third-party
servers that the driver has subscribed to through RSS, or real simple
syndication. Each time the driver accesses a given RSS feed, the car's
precise geographic coordinates, speed, and direction are sent in clear
text. The data will also include the driver's destination if it's
programmed in to the Leaf's navigation system, as well as data available
from the car's climate control settings.

“All of these lovely values are being provided to any third party RSS
provider you configure: CNN, Fox News, Weather Channel, it doesn't
matter!” Halverson wrote here. “While a lot of these providers are
probably not aware of these (rather valuable) parameters the car passes,
they probably sit in thousands of HTTP logs already, waiting to be parsed
out – or perhaps supported in the future.”

[...]



--------------------------------------------------------------------------------

___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.

http://www.tegataiphoenix.com/


___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/

Current thread:

Nissan car secretly shares driver data with websites InfoSec News (Jun 14)
- Re: Nissan car secretly shares driver data with websites Cloude "Freggy" (Jun 14)