In a shocking revelation, security researchers have extracted personal and unencrypted data — videos, phonebooks, calendar items — of Tesla users from crashed models sold at junkyards and auctions.
According to a CNBC report, a security researcher who goes by the name GreenTheOnly extracted data from the computers in salvaged Tesla Model S, Model X and two Model 3 vehicles.
“The computers on Tesla vehicles keep everything that drivers have voluntarily stored on their cars, plus tons of other information generated by the vehicles, including video, location and navigational data showing exactly what happened leading up to a crash,” the report claimed on Friday, citing researchers.
A Tesla spokesperson told CNBC the company offers options that customers can use to protect personal data stored on their car. “It includes a factory reset option for deleting personal data and restoring customised settings to factory defaults, and a Valet Mode for hiding personal data (among other functions) when giving their keys to a valet,” the spokesperson was quoted as saying.
“We are committed to finding and improving upon the right balance between technical vehicle needs and the privacy of customers,” the Tesla spokesperson said.
According to the report, data stored on Tesla models is not automatically erased when the car is hauled away from an accident site or sold at auction.
GreenTheOnly and his fellow white-hat hacker “Theo” bought a wrecked Model 3 to evaluate the data that remains in the car’s computers after a crash. They extracted records that showed the car’s computers had stored data from at least 17 different devices.
“Mobile phones or tablets had paired to the car around 170 times. The Model 3 held 11 phonebooks’ worth of contact information from drivers or passengers who had paired their devices, and calendar entries with descriptions of planned appointments, and e-mail addresses of those invited,” the report said.
Tesla recently had to give away one of their Model 3 cars and $35,000 prize money to a group of hackers after they cracked its system at a hacking event.
Amat Cama and Richard Zhu of team Fluoroacetate exposed vulnerability in the vehicle system during the Pwn2Own 2019 hacking competition, organised by Trend Micro’s “Zero Day Initiative (ZDI)”, in Vancouver, Canada, this week.
As part of Tesla’s bug bounty programme, the company has paid hundreds of thousands of dollars in rewards to hackers who exposed vulnerabilities in its systems.
The electric car maker was fairly quick to fix vulnerabilities exposed by white hat hackers.