In Germany a few months prior saw CCC publishing a method for destabilizing energy grids using radio waves a cheap hardware: https://media.ccc.de/v/38c3-blinkencity-radio-controlling-st... and presented an attack vector to which most infrastructure in Europe is exposed.
About 4 hours before the grid collapse on the 28th of April 2025 was recorded the largest purchase of Monero in the past 3 years (to remember: monero is coin of choice for special operations), making it surge +40% in 24 hours. The initial Spanish reports mentioned conflicting power information from dozens of locations at the same time which is consistent with a sequential attack using the blinkencity method so the grid itself is forced to close down.
Well, if that's really the cause, then thanks CCC, I guess. For such a serious vulnerability which is probably non-trivial (not to mention expensive) to patch, is it really responsible to give only 3.5 months of time before disclosing it (according to slide #56 https://cdn.prod.website-files.com/5f6498c074436c349716e747/..., they notified EFR about the vulnerability on 2024-09-12 and disclosed it on 2024-12-28)?
IMHO wouldn't make much a difference, the issue had been known to them for years up to that point. To a large part still exists, the Spanish grid only committed to upgrade the hardware after this incident. Even so it will require about another year to complete the upgrade over there.
I don't follow in detail the news on other European nations but haven't seen much focus on hardening their security until they actually get breached. A recent example (albeit different attack vector) would be the Polish grid: https://arstechnica.com/security/2026/01/wiper-malware-targe...
Cars nowadays are packed with microphones and permanently connected to the internet on daily basis so that drivers can have remote assistance when the car breaks once every 5 years or so.
I keep hearing this one. But at least for EU, the eCall system requires external communication to be disabled until activated during serious accident. It cannot be used for tracking the vehicle in real-time.
> 2. The personal data processed pursuant to this Regulation shall only be used for the purpose of handling the emergency situations referred to in the first subparagraph of Article 5(2).
> Manufacturers shall provide clear and comprehensive information in the owner's manual about the processing of data carried out through the 112-based eCall in-vehicle system. That information shall consist of:
> the fact that there is no constant tracking of the vehicle;
That vehicle nowadays are equipped with always-on internet and microphones is not related to remote assistance.
Your car if new enough, IS reporting its diagnostics including GPS via cell. All the time. This isn’t exactly personally identifiable so they get away with it just fine.
This is unrelated to the microphones and assistance systems.
There are two definitions: a) Personal Data and b) Emergency Situations
What is an emergency situation and how can a car determine it is one? These are "smart" cars which aren't nowadays smart enough to process all your data locally, so that data is sent to servers elsewhere which process if either points a) or b) apply.
It is your choice to believe that voice data is ever deleted once acquired by governments and entities thirsty to benefit from that information.
For security experts this is just another "I told you so" within a few years.
Emergency situations are defined by two situations: severe accidents and manual press of the button. Article 6 covers the data being sent, Article 5 covers the manufacturer's obligations. Your audio during the accident and your last three locations may leak, but the eCall system is not designed for a permanent phone-home system. If I remember correctly, you can't even use the eCall SIM for tracking as that'd encourage people to disable safety features.
All the things you are talking about, permanent phone-home, tracking of location, audio and video, driving habits, are tracked, sent and resold. That's what smart cars do. But it is not done through the eCall system. See it from the company perspective: why would they risk penalties for non-compliance when they can gather and resell all personal data with no risks using their own system instead of a safety one?
I stated that the microphone and network access installed on modern car for emergency situations can and will be used 24/7 when deemed "necessary" for your "security".
One of my favorite things about going EV is the forums tend to be full of paranoid nerds which means someone will be willing to try desoldering the cell modem off their boards to see what happens.
lip2p is not really usable as you'll see a bit further. The overhead is huge and phones will quickly be drained out of battery from trying to use it.
Maybe with PI zero always connected to the power this isn't an issue.
You are welcome to visit the https://geogram.radio to get ideas or maybe to help develop the project (it is open source). It does decentralized web hosting, as well as blogs, chat, docs, meetings, etc over other links besides internet like bluetooth, radio and other mesh configurations.
If that is case, then it would have been wrong from the beginning for any government to keep hold of the private keys for the signature on my citizen card.
Because in that case they can sign documents on my behalf without my permission. In a court case, it would be near impossible for me to prove that the government gave my private key to someone else and that it wasn't me signing an incriminating document.
I apparently didn't phrase that very well. If what is the case? I was trying to ask which case was the case, not trying to claim that something specific was the case.
I'm familiar with electronic signatures, and I know what documents are, but I have never heard the phrase "electronic signing documents" and don't know what that is supposed to mean. What kind of documents? Documents about signing, documents that were signed, documents in the sense that files containing keys could be considered documents, or what?
In Portugal we were early adopters for digital signatures on citizen cards.
You use the card reader, insert your gov-issued identification and can sign PDF papers which have legal validity since the private key from the citizen card was used.
Now imagine someone signing random legal documents with your ID for things like debts, opening companies or subscritions to whatever.
Signed documents can be as simple as an ID of the transaction, a statement in text, PII data that identify what you sign, or a store of larger PDF files for download and verification. We do not know. I base this on how signing works technically in Sweden.
We might've lucked out here, there is some signature data on ID cards today and official _plans_ to make a government backed signing service, but practically _nobody_ uses them in practice to just revoking all those keys will be a minor issue.
Currently most Swede's use a private bank consortisum controlled ID solution for most logins and signatures.
There isn't much escape other than using messengers which encrypt the data locally. Geogram radio is doing this.
reply