Security Breach: iPhone App Releases Private Data of Electric Car Owners
Vintage Electric Cars Benefit From New Electric Car Sales Too
If you’re in the market for an electric car, the chances are you’ve resigned yourself... Read More
- #7LEADERBOARD RANK
- 1083ARTICLES CONTRIBUTED
- 21COMMENTS POSTED
Add to circle
Also See
-
Better Place Electric-Car Battery Swapping...
-
BMW ActiveE: Extended Drive Report (Video)
-
Infiniti LE Concept Electric Sedan: New York...
See more video »
For as long as electric cars have been on the roads of the world, people have needed to find a place to plug in.
So what happens when a company obtains and publishes details of several hundred addresses and contact details for a privately-run and moderated peer-to-peer charging network?
That’s exactly what has happened in the U.K., when information held on the privately-run EV-Network.org became publicly available on both a website and an iPhone application.
Enter Plugsurfing. Ran by e-xite Ltd, the website came under criticism yesterday after several EV-Network members alleged that PlugSurfing was publishing their personal details on both its website and via its newly-released iPhone application as if they were publicly accessible charging stations.
As more people complained, it became apparent that Plugsurfing’s data was the same as the data on the EV-Network.
Under the original EV-Network membership, electric car owners agree to give their own private address to other members on the list under the condition that they will provide emergency recharging facilities -- if convenient -- to fellow members who are struggling to find somewhere to plug in nearby. Members were expected to plan their trips, telephoning ahead to arrange convenient times to recharge en-route.
That’s a far cry from an iPhone application and website open to anyone who wants to use it.
2011 Nissan Leaf and 2011 Chevy Volt, with charging station visible; photo by George Parrott
Enlarge PhotoIt’s this publishing of private data which has many former EV-Network owners worried that strangers will turn up at their homes expecting a free recharge -- or worse still, that someone will use the database to steal everything from new electric cars to rare, classic electric vehicles.
“Starting yesterday evening I have received several complaints by e-mail from EV-Network members claiming that their personal data is appearing on a web site called Plugsurfing,” wrote EV-Network founder Tim Nicklin in an email to us earlier. “Until that point I had never heard of this website and certainly no agreement exists providing them access to personal data from EV-Network members. I am very concerned about this - indeed my own home address is listed on the PlugSurfing website.”
Although we have been unsuccessful in contacting e-xite Ltd and Plugsurfing’s support department via telephone and email, Adam Woolway of PlugSurfing UK made a public statement earlier detailing that the company was looking into the security breach.
[Update: Mr. Woolway has contacted us to say that he has not heard from us via either telephone or email, but we would like to reiterate that any attempted calls went to voicemail, and our email remains unanswered]
“As with all faults and concerns that crop up in beta testing, and in particular with those concerning data security, we are taking this feedback very seriously. We have removed the data of those that have asked us to directly, and this morning we decided to remove ALL private data from our database. This is a temporary measure whilst we gain the explicit consent of all involved to display the data.”
However, once data has been released into the public domain, it isn’t particularly easy to remove it.
With so many groups now trying to cash in on electric car charging, we suspect this will be the first -- but not last -- time we’ll see private data about charging stations suffer this kind of security breach.
+++++++++++
Follow GreenCarReports on Facebook and Twitter.
Related Articles
-
Tesla's 2012 Model S Charging Equipment. Redesign For Redesign's Sake?
-
European Carmakers Propose Single Electric-Car Charging Plug
-
Getting An Electric Car Charging Station? Make Your Contractor Watch This (Video)
-
BREAKING: Nissan Leaf To Get Faster Charger 'In a Year Or So'
-
Follow Us
On Facebook
Most Popular This Week
More »
10 Tips For Better Gas Mileage This Memorial Day Weekend 
Electric-Car Prices: Tesla, Nissan, Chevy Should Be... 
Green-Car Death List: 2012 Models To Which We Bid Adieu 
New-Generation Electric-Car Batteries Will Take 10 Years, DoE... 
Electric Cars Equal $1/Gallon Gas For Life + $1,200 Cash A Year Find Green Cars
More from High Gear Media
- Follow Us
Have an opinion?Join the conversation!
And one positive thing that has come from this is data security in general needs to be improved. We don't like being the fallguy for this and reject the accusations against us, but rather than point fingers we are willing to listen and provide a better community for everybody to use. A great, environmental, safe and secure community.
This is Adam from PlugSurfing. Thank you for joining the debate, but I wondered if I may comment to point out some inaccuracies in your report. Hopefully, we can to
steer the debate away from scaremongering and more in the direction it needs to go in.
First of all, your headline. This is quite a claim, and it is still one which we are investigating. We maintain that all of our data was taken from public sources and
included in our database in good faith to help encourage EV-ownership. We do not believe that we have published private data without consent and, at this stage, this
cannot be proved otherwise.
We removed 'several hundred entries'. Sounds like sensationalism.
vague number you imply. I should know, I removed them all by hand when I heard these concerns!
'someone will use the database to steal everything from new electric cars to rare, classic electric vehicles.' We understand the importance of personal security and
this is why we are working hard to answer all concerns, but this is scaremongering the Daily Mail would be proud of.
As you will read on the forums where we are being critcised, the taking of such data is not difficult. I repeat that we are still investigating the source of this
data, but let's say, hypothetically, that it did come from Ev-Network.
and accessed by anyone, including people looking for charging points and those looking to steal electric cars. This circumstance is also not limited to the EV-network.
As we are finding out, your data is not as secure as you think it is. We have reacted professionally and quickly to all concerns and we are wanting to learn from
this experience before moving on. We need the support of the EV community to do this, and dirt-digging articles like this do not help. But, more importantly, the
debate needs to focus on what we can do to make this data secure. What are other sites doing? What are EV-network doing?
I will add two points finally:
-I am available at any time to be contacted. I have published my email address on every repsonse and forum (adam.woolway@plugsurfing.com), yet have not received ANY
emails or phone messages from you, despite being accused of not being available for comment.
-Please do not imply we are looking to 'cash in' here, as your final paragraphs do. We have a free app and website service, we do not sell anything and we certainly
have a lot less advertising than your website. In fact, we have none. We just want to help the EV revolution grow, please help us rather than look to fight against us.
Thank you
Adam Woolway
adam.woolway@plugsurfing
Thank you for responding here.
Firstly, we'd like to reiterate that attempts were made to conatct you (telephone went to answerphone) and by email (no reply) - but we are keen to hear your version of events.
Secondly, perhaps you'd be willing to point out where you obtainted your data - that way it will clearer where the information was leaked.
Regards
Nikki.
As one of the EV Network members who's private data you published I must say that you are missing the point. Even if the data proves to have been taken from a publically accessible source you should not have republished it without the users consent.
Furthermore, I received an email from yourself which had a copy of another users complaint attached (including their full contact details) and I can only conclude that your systems of data protection are woefully inadequate.
Have an opinion?Join the conversation!