[owenversteeg]

Sorry, that's incorrect. I have actually read the law and its relevant standards. The standard requires at least two pre-accident locations to increase accuracy and other fields with pre-crash data are encouraged.

And come on. Car manufacturers, which are notorious producers of insecure software, are legally mandated to make an inexpensive device which includes an LTE radio and a connection to the vehicle buses, and you think that is... unhackable? I can't tell if you're trolling me, but your average blackhat only needs 1 of (shitty car OEM software/LTE radio/vehicle bus connected device) to break into a system. This system is a trifecta of hackable crap. To call that, of all devices, "unhackable" is priceless.

[cyberax]

The MSD (minimum set of data) is defined in: "CEN 15722 ESafety - ECall - Minimum Data Set".

The original standard version defined only one location datapoint, the more recent version defines two additional _optional_ points ("recentVehicleLocationN1", "recentVehicleLocationN2"). It also allows specifying the number of passengers.

The mandatory datapoints include the location and direction of the vehicle, but they can be acquired as needed.

> I can't tell if you're trolling me, but your average blackhat only needs 1 of (shitty car OEM software/LTE radio/vehicle bus connected device) to break into a system.

I'm not aware of black hats hacking into a modem that is passively tracking the mobile networks. It's theoretically possible, but I'm not aware of such feats.

[owenversteeg]

Sorry, your comment is incorrect again. The most recent version of CEN 15722 requires the two most recent locations before the incident location.

The modem does not have to passively track the mobile networks; it can do what it wants. The common OEM implementation these days is that the physical device that does eCall does several things, including eCall, over the same cellular radio. There's nothing stopping the OEM from connecting to a random website and eval()ing the result.

You seem confident in the security of this unhackable system so I will point out some of its other security weaknesses. Several eCall device implementations include Bluetooth modules (both "unused" as part of hardware and implementations that use Bluetooth.) Bluetooth is as secure as a wet cardboard box, so you could take BlueBorne or one of the six million other Bluetooth exploits that work on a non-discoverable device just sitting on the shelf, get in that way and boom, you can transmit whatever you want over the cellular radios. Vehicle infotainment systems are pretty insecure on average and are frequently hacked, so you could take over the infotainment system, get into the CAN bus that way and then send bad data to the eCall system, which is in the business of processing and responding to CAN data.

But those are just a few of the million ways; you could write up attacks all day long and you wouldn't scratch the surface. The facts are: this is a system with cellular radio(s), a CAN bus connection, sensors that constantly listen and interpret data; this is a large attack surface, built by OEMs that write notoriously insecure software. It is, by any reasonable judgment of those facts, a pretty hackable system. And yet, the European Commission goes around telling people that it "cannot" be hacked.

Anyway, this will be my third comment in a row here telling people that their comment is plain incorrect, so I'm going to have to leave the discussion here. I hope that my words provide some food for thought - for the next time that a system that could track you becomes legally mandatory.

[cyberax]

> Sorry, your comment is incorrect again. The most recent version of CEN 15722 requires the two most recent locations before the incident location.

I have the standard open, and I don't see it.

> The modem does not have to passively track the mobile networks; it can do what it wants.

Sure. So just choose an automaker that doesn't provide data subscription services and/or don't pay for them. The eCall requirement in itself doesn't require tracking.

[owenversteeg]

I can't believe I'm still responding to this, but your comment is incorrect. Again. If you are reading a version of CEN 15722 where the two most recent locations before the incident location are not required, then you are reading an outdated version from over a decade ago, which has been withdrawn in favor of a more recent version for some years now. The year is displayed prominently on every page of the standard, and the validity is _required_ to be indicated before you even open it, so I have some doubts if this is a genuine mistake.

It's been a while since I've seen the pro-surveillance argument of "well, you can just do this uncommon or difficult thing if you want to evade surveillance!" In several European markets, for several vehicle types, there _are_ no vehicles without OEM-connected cellular radios. Some OEMs don't even advertise it; it is used for activating features, or "security." Other OEMs will not _fully_ disable cellular connectivity even if you stop paying. If you're an OEM mandated by EU law to include a cellular modem and a location recording device, you might as well make some use of that - and they do.