CYBERSECURITY
TECH | MOBILE | SOCIAL MEDIA | ENTERPRISE | CYBERSECURITY | TECH GUIDE
Tesla cars keep more data than you think, including this video of a crash that totaled a Model 3
Crashed Tesla vehicles, sold at junk yards and auctions, contain deeply personal and unencrypted data including info from drivers' paired mobile devices, and video showing what happened just before the accident.
Security researcher GreenTheOnly extracted unencrypted video, phonebooks, calendar items and other data from Model S, Model X and Model 3 vehicles purchased for testing and research at salvage.
Hackers who test or modify the systems in their own Tesla vehicles are flagged internally, ensuring that they are not among the first to receive over-the-air software updates first.
Kate Fazzini | Lora Kolodny
Published 19 Hours Ago Updated 18 Hours Ago
If you crash your
Tesla, when it goes to the junk yard, it could carry a bunch of your history with it. ... That's because the computers on Tesla vehicles keep everything that drivers have voluntarily stored on their cars, plus tons of other information generated by the vehicles including video, location and navigational data showing exactly what happened leading up to a crash, according to two security researchers.
One researcher, who calls himself GreenTheOnly, describes himself as a "white hat hacker" and a Tesla enthusiast who drives a Model X. He has extracted this kind of data from the computers in a salvaged Tesla Model S, Model X and two Model 3 vehicles, while also making tens of thousands of dollars cashing in on Tesla bug bounties in recent years. He agreed to speak and share data and video with CNBC on the condition of pseudonymity, citing privacy concerns.
Many other cars download and store data from users, particularly information from paired cellphones, such as contact information. The practice is widespread enough that the US Federal Trade Commission has issued advisories to drivers warning them about pairing devices to
rental cars, and urging them to learn how to
wipe their cars' systems clean before returning a rental or selling a car they owned.
But the researchers' findings highlight how Tesla is full of contradictions on privacy and cybersecurity. On one hand, Tesla holds
car-generated data closely, and has fought customers in court
to refrain from giving up vehicle data. Owners must purchase $995 cables and download a software kit from Tesla to get limited information out of their cars via "event data recorders" there, should they need this for legal, insurance or other reasons.
At the same time, crashed Teslas that are sent to salvage can yield unencrypted and personally revealing data to anyone who takes possession of the car's computer and knows how to extract it. ... The contrast raises questions about whether Tesla has clearly defined goals for data security, and who its existing rules are meant to protect.
....