Programmer buys older parts of Tesla on eBay, which they find full of user details
Tesla infotainment system is amazing to see. Among other things, they show on Netflix or YouTube videos, using Spotify, Wi-Fi, and contact phone numbers.
The researcher, describing himself as a "curious Tesla tinkerer for how things work," recently discovered 13 Tesla MCUs - short of controlled media - removed from electric vehicles during repairs and repairs. Each of these devices retained a stack of sensitive data even though it retired. Examples include telephone directories from connected phones, callbacks containing hundreds of entries, recent calendar entries, Spotify and W-Fi passwords stored locally, home, work, and everywhere they go, as well as session cookies that allow access to Netflix and YouTube (and Gmail accounts).
All 13 devices indicated that their storage space was a Tesla workspace, which is an indication that it would be removed by an authorized Tesla expert. Tesla help stations remove MCUs for many reasons. Most often, replacing a faulty device or developing a new, high-tech device model that enhances the autopilot of the car.
Your data on eBay
The researcher, who works on this issue, told me he found 12 units on eBay on pages like these. Got one from a friend. Based on the discussions he had, he believes Tesla's official process calls for the MCUs to be moved back to Tesla and that the damaged units be turned down to make sure the connectors are sufficiently damaged and thrown into the trash.
Tesla representatives did not return an email asking what the company's policy for handling MCUs has been removed from the vehicles.
The green the only acquisition poses a risk posed not only to Tesla owners but to drivers of any vehicle with onboard devices that store personal data or provide remote tracking. The man who leased Ford cars to Enterprise Rent-a-Car reportedly could start remotely, stop, shut, and open cars for a long time after returning them not once, but for the second time in the first four months. As is the case with Tesla MCUs that make it back to the market, the failure of the rental companies to authorize employees to completely erase access to all previous consumer information stands for risk and privacy protection that can be easily prevented.
The moral of these stories is that it is up to some people to do a factory reset when they sell a car, return a rental car, or have an existing cheat system. However, no guarantee previously stored data cannot be restored. The researcher said Tesla MCUs store data in an SQLite database that can be deleted until the hard drive blocks it stores are rewritten by new data. While the factory reset may not work properly, it may have made the recovery process more difficult and time-consuming to provide reasonable, if not complete, protection. If possible, a security expert really should destroy the units.
If you read complete article and have suggestions to make changes in the article. Feel free to write down a comment. Thanks in advance.