[hshdhdhj4444]

https://transport.ec.europa.eu/transport-themes/smart-mobili...

Can you explain why these protections are not sufficient for privacy?

> 112 eCall is not a black box. It does not record constantly the position of the vehicle, it records only a few data to determine the position and direction of the vehicle just before the crash and these data are only transmitted to emergency call centers if there is a serious crash.

> eCall cannot be used to monitor motorist's moves. The SIM-card used to transmit the eCall data is dormant, i.e. it is only activated in case the vehicle has a serious accident (e.g. the airbag is activated).

[owenversteeg]

>112 eCall is not a black box. It does not record constantly the position of the vehicle, it records only a few data to determine the position and direction of the vehicle just before the crash and these data are only transmitted to emergency call centers if there is a serious crash.

That statement is factually inconsistent. Either 112 eCall incorporates a time travel device or it must constantly record the position and direction of the vehicle and other data. In theory, that data is then deleted, but you have no way to verify that it is - and it would only require a trivial, unnoticeable software update to modify this.

Thankfully, we're safe. Car software is notoriously high quality and rarely hacked. All governments are fully trustworthy, especially around espionage and privacy, and have a perfect track record of never lying to the public.

Look, the European Commission stated that it cannot be hacked; "hackers cannot take control of it", from ec.europa.eu. They built an unhackable device. I am not sure what you could be worried about. If the government tells you something cannot be hacked, then it cannot be hacked. Furthermore, none of the EU member states have been found using other infrastructure to violate privacy laws.

[cyberax]

> That statement is factually inconsistent.

It's not. It just stores the last speed/wheel position/brake state data that it receives when the "collision imminent" condition activates. In some cars this can be literally the same signal that deploys the airbags.

> Look, the European Commission stated that it cannot be hacked

Pretty much. It's just a normal LTE radio, that is normally inactive. It technically is hackable, but I'm not aware of any hacks of baseband firmware of this severity.

[owenversteeg]

Sorry, that's incorrect. I have actually read the law and its relevant standards. The standard requires at least two pre-accident locations to increase accuracy and other fields with pre-crash data are encouraged.

And come on. Car manufacturers, which are notorious producers of insecure software, are legally mandated to make an inexpensive device which includes an LTE radio and a connection to the vehicle buses, and you think that is... unhackable? I can't tell if you're trolling me, but your average blackhat only needs 1 of (shitty car OEM software/LTE radio/vehicle bus connected device) to break into a system. This system is a trifecta of hackable crap. To call that, of all devices, "unhackable" is priceless.

[cyberax]

The MSD (minimum set of data) is defined in: "CEN 15722 ESafety - ECall - Minimum Data Set".

The original standard version defined only one location datapoint, the more recent version defines two additional _optional_ points ("recentVehicleLocationN1", "recentVehicleLocationN2"). It also allows specifying the number of passengers.

The mandatory datapoints include the location and direction of the vehicle, but they can be acquired as needed.

> I can't tell if you're trolling me, but your average blackhat only needs 1 of (shitty car OEM software/LTE radio/vehicle bus connected device) to break into a system.

I'm not aware of black hats hacking into a modem that is passively tracking the mobile networks. It's theoretically possible, but I'm not aware of such feats.

[owenversteeg]

Sorry, your comment is incorrect again. The most recent version of CEN 15722 requires the two most recent locations before the incident location.

The modem does not have to passively track the mobile networks; it can do what it wants. The common OEM implementation these days is that the physical device that does eCall does several things, including eCall, over the same cellular radio. There's nothing stopping the OEM from connecting to a random website and eval()ing the result.

You seem confident in the security of this unhackable system so I will point out some of its other security weaknesses. Several eCall device implementations include Bluetooth modules (both "unused" as part of hardware and implementations that use Bluetooth.) Bluetooth is as secure as a wet cardboard box, so you could take BlueBorne or one of the six million other Bluetooth exploits that work on a non-discoverable device just sitting on the shelf, get in that way and boom, you can transmit whatever you want over the cellular radios. Vehicle infotainment systems are pretty insecure on average and are frequently hacked, so you could take over the infotainment system, get into the CAN bus that way and then send bad data to the eCall system, which is in the business of processing and responding to CAN data.

But those are just a few of the million ways; you could write up attacks all day long and you wouldn't scratch the surface. The facts are: this is a system with cellular radio(s), a CAN bus connection, sensors that constantly listen and interpret data; this is a large attack surface, built by OEMs that write notoriously insecure software. It is, by any reasonable judgment of those facts, a pretty hackable system. And yet, the European Commission goes around telling people that it "cannot" be hacked.

Anyway, this will be my third comment in a row here telling people that their comment is plain incorrect, so I'm going to have to leave the discussion here. I hope that my words provide some food for thought - for the next time that a system that could track you becomes legally mandatory.

[cyberax]

> Sorry, your comment is incorrect again. The most recent version of CEN 15722 requires the two most recent locations before the incident location.

I have the standard open, and I don't see it.

> The modem does not have to passively track the mobile networks; it can do what it wants.

Sure. So just choose an automaker that doesn't provide data subscription services and/or don't pay for them. The eCall requirement in itself doesn't require tracking.

[PaulDavisThe1st]

Because you have to just believe that they are followed, and cannot verify it.

[rustcleaner]

Your privacy should not rely on the government's "trust me bro" and it's like we forgot about China owning SS7 last year lol. No, it is plainly obvious to me that the mandate for eCall and the lack of an owner off switch for it is for nannying and surveillance FULL STOP. No option to opt out must be treated the same as the violations to privacy they are attempting to pre-construct the conditions for.

[fucker42069]

Well, for starters, the SIM card in the eCall system is only needed to receive a callback from the 112 service if the call drops, which the system automatically picks up. You can actually dial 112 without a SIM card in your phone, as a GSM device without one can still connect to nearby radio towers in a "limited-service set," better known as "emergency calls only."

I know some carriers have strange quirks in their SIM provisioning systems. For instance, it may take more than a few minutes or require a specific type of coverage (like UMTS) for an otherwise "dormant" SIM card to activate from limited service on short notice.

I found an article about eCall Callback that confirms this is a known problem: https://eena.org/blog/resolving-the-ecall-callback-issue/