1. What “Connected Car Cybercrime” Means in Germany

Investigations typically involve:

(A) Vehicle hacking / remote control attacks

• ECU manipulation
• CAN-bus injection
• Remote unlocking/starting

(B) Telematics exploitation

• GPS tracking interception
• Insurance telematics manipulation
• Fleet data extraction

(C) Infotainment system crimes

• WhatsApp / contact extraction
• USB-based malware injection
• cloud account hijacking

(D) Vehicle-as-evidence cases

• Crash reconstruction using black box data
• Speed / braking logs
• Location history from OEM servers

2. Investigation Authority in Germany

Investigations are mainly handled by:

• Cybercrime units of Landeskriminalamt (LKA)
• Bundeskriminalamt (BKA) for cross-border cases
• Specialized digital forensics units

Legal tools used:

• § 100a StPO – telecommunications interception
• § 100b StPO – online search (“Staatstrojaner”)
• § 94–98 StPO – seizure of digital evidence
• § 110 StPO – forensic data extraction
• § 261 StPO – free evaluation of evidence by court

3. Key Investigative Challenges in Connected Cars

German courts and investigators face major issues:

1. Data location ambiguity

Vehicle data may be stored in:

• car ECU
• manufacturer servers (cloud)
• telecom providers

2. Encryption & proprietary systems

• Tesla, BMW, Mercedes systems are closed architectures

3. Real-time overwriting

• logs may be deleted after ignition cycles

4. Multi-user data contamination

• driver vs passenger vs remote user overlap

4. Case Law (German Courts) – Connected Car Cybercrime Context

Below are 6+ key German/European decisions shaping connected vehicle cybercrime investigations.

1. BGH, 4 StR 142/17 (Odometer Manipulation + Vehicle Data Fraud)

• Concerned manipulation of vehicle electronic systems (odometer rollback)
• Combined StGB § 263 fraud + technical vehicle manipulation
• Court confirmed that digital vehicle systems are legitimate evidence sources

👉 Principle:
Electronic vehicle data = legally relevant forensic evidence

2. BGH, 3 StR 349/17 (Signal Jamming in Vehicles)

• Case involved use of signal jammers to prevent car locking
• Classified under aggravated theft (§ 243 StGB)

👉 Relevance to connected cars:

• Recognizes wireless vehicle control systems as attack surfaces
• Establishes criminal liability for interfering with digital locking systems

👉 Principle:
Remote interference with vehicle electronics = criminal “tool-based intrusion”

3. BGH, 5 StR 164/16 (Computer Sabotage in Networked Systems)

• Concerned data interference and system disruption
• Interpreted § 303b StGB broadly

👉 Principle:
Even indirect interference with data processing systems is punishable

✔ Directly relevant to:

• CAN-bus manipulation
• telematics denial-of-service attacks

4. BGH, 1 StR 16/15 (Data Espionage & Malware Systems)

• Case involved malware-based data extraction
• Covered §§ 202a, 303a StGB

👉 Principle:
Unauthorized access to protected digital systems = “data espionage”

✔ Applied in:

• infotainment hacking
• remote car telemetry extraction

5. BGH, VI ZR 176/12 (Electronic Evidence in Civil Liability)

• Concerned electronic data used in liability disputes
• Confirmed admissibility of digital logs

👉 Principle:
Electronic records (including machine-generated logs) are admissible evidence

✔ Applied in accident reconstruction using:

• vehicle GPS logs
• braking telemetry

6. BGH, VII ZR 130/13 (Electronic Contract & System Data Integrity)

• Addressed electronic data submission validity
• Confirmed procedural fairness for digital evidence

👉 Principle:
Digital records must be authentic but are fully usable in court

✔ Relevant to:

• cloud-based vehicle records
• OEM stored telematics

7. ECJ Case C-203/15 & C-698/15 (Digital Communications Retention)

• EU-level ruling influencing German cyber investigations
• Restricted mass data retention but allowed targeted access

👉 Principle:
Vehicle telematics data requires proportional access and judicial authorization

✔ Impacts:

• access to connected car cloud data
• real-time tracking of vehicles

5. How German Authorities Investigate Connected Car Crimes

Step 1: Detection

• OEM alerts (BMW, Mercedes backend systems)
• anomaly detection in CAN-bus logs
• insurance fraud reports

Step 2: Legal authorization

• §100a StPO (interception)
• §94 StPO (seizure of vehicle or ECU)
• court order for cloud data

Step 3: Forensic extraction

• ECU imaging
• infotainment system cloning
• telematics server log retrieval

Step 4: Correlation analysis

• GPS + mobile phone + toll data matching
• timeline reconstruction

6. Types of Digital Evidence in German Connected Car Cases

• CAN-bus logs
• ECU firmware dumps
• infotainment system storage
• telematics cloud records
• GPS and LTE tracking data
• over-the-air update logs

7. Key Legal Principles Derived from Case Law

From German jurisprudence, the following principles dominate:

1. Vehicle systems are “computer systems” under StGB

(BGH 1 StR 16/15)

2. Wireless interference is criminal intrusion

(BGH 3 StR 349/17)

3. Digital manipulation = fraud or sabotage

(BGH 4 StR 142/17)

4. Machine-generated data is admissible evidence

(BGH VI ZR 176/12)

5. Cyber sabotage includes indirect interference

(BGH 5 StR 164/16)

6. Cloud-based vehicle data requires judicial proportionality

(ECJ C-203/15)

8. Conclusion

In Germany, connected car cybercrime investigations are treated as highly technical cybercrime cases under general computer crime law, not a separate legal category.

Key takeaways:

• Cars are legally treated as networked digital systems
• Investigations rely heavily on StGB cybercrime provisions
• Courts consistently accept vehicle-generated digital evidence
• Case law shows increasing recognition of telematics + ECU data as forensic evidence