REMOVE NOW!!!!!!!!!!!!!!!! ----- Original Message ----- From: "InfoSec News" <alerts_at_infosecnews.org> To: <isn_at_infosecnews.org> Sent: Tuesday, June 14, 2011 9:10 AM Subject: [ISN] Nissan car secretly shares driver data with websites > http://www.theregister.co.uk/2011/06/13/nissan_leaf_privacy_invasion/ > > By Dan Goodin > The Register > 13th June 2011 > > Electric cars manufactured by Nissan surreptitiously leak detailed > information about a driver's location, speed and destination to websites > accessed through the vehicle's built in RSS reader, a security blogger has > found. > > The Nissan Leaf is a 100-percent electric car that Nissan introduced seven > months ago. Among its many innovations is a GSM cellular connection that > lets drivers share a variety of real-time data about the car, including > its location, driving history, power consumption, and battery reserves. > Carwings, as the service is known, then provides a number of services > designed to support “eco-driving,” such as break downs of the vehicle's > energy efficiency based on comparisons with other owners. > > But according to Seattle-based blogger Casey Halverson, Carwings includes > the detailed data in all web requests the Nissan Leaf sends to third-party > servers that the driver has subscribed to through RSS, or real simple > syndication. Each time the driver accesses a given RSS feed, the car's > precise geographic coordinates, speed, and direction are sent in clear > text. The data will also include the driver's destination if it's > programmed in to the Leaf's navigation system, as well as data available > from the car's climate control settings. > > “All of these lovely values are being provided to any third party RSS > provider you configure: CNN, Fox News, Weather Channel, it doesn't > matter!” Halverson wrote here. “While a lot of these providers are > probably not aware of these (rather valuable) parameters the car passes, > they probably sit in thousands of HTTP logs already, waiting to be parsed > out – or perhaps supported in the future.” > > [...] > > -------------------------------------------------------------------------------- > ___________________________________________________________ > Tegatai Managed Colocation: Four Provider Blended > Tier-1 Bandwidth, Fortinet Universal Threat Management, > Natural Disaster Avoidance, Always-On Power Delivery > Network, Cisco Switches, SAS 70 Type II Datacenter. > Find peace of mind, Defend your Critical Infrastructure. > http://www.tegataiphoenix.com/ ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Tue Jun 14 2011 - 00:29:52 PDT
This archive was generated by hypermail 2.2.0 : Tue Jun 14 2011 - 00:35:19 PDT