According to a recent report, Tesla components containing the previous owners’ personal information are appearing for sale online.
A recent report from InsideEVs claimed that Tesla’s retrofitting service for media control units and Autopilot hardware may be failing to properly protect owners’ personal data. A white hat hacker (a term used to describe ethical hackers) named GreenTheOnly obtained four Tesla computers off eBay and found the previous owner’s personal data still on all of them.
Green alleges that he informed Tesla of this before bringing his findings to InsideEVs, but according to Green, Tesla refused to notify all of its customers that could be affected in a timely manner. Tesla has reportedly stated that it will be notifying one of its affected customers but has yet to do so.
According to Green, each of the modules he bought had “owner’s home and work location, all saved wifi passwords, calendar entries from the phone, call lists and address books from paired phones, Netflix and other stored session cookies.” The stored session cookies could give hackers access to private accounts.
It seems that when Tesla owners had their vehicles retrofitted with new computer hardware, the old components containing personal data may currently be for sale on eBay. The first generation MCU computers, MCUv1, had issues with excessive logging which caused the computer to fail within four to five years.
The MCUv2 allegedly fixed this issue and was made available in the United States on March 3. Green alleges that MCUv2 units are also failing due to manufacturing issues with the EMMC chip, but all of the computers are involved in the current privacy issue are the original MCU units.
For Tesla’s Model 3 vehicle, the ICE computer on older cars often needs to upgraded if the owner purchases Tesla’s Full Self Driving (FSD) package. Green obtained three ICE computers from Tesla Model 3 cars and one MCUv2 from a Model X vehicle, he outlined the process stating:
“Prices on eBay for these units started to drop from more than $500 to $300 then $200 then $150 and so on, so more and more people started to buy them for research. They are useless in car repairs because there’s no easy way to use them in other cars. Since you need specialized knowledge to get started, some of those people turned to me and other ‘hackers’ to help them get started. Some units were sent to me to extract data out of them to bootstrap some research too. This is when I became aware of the data leakage happening. I then purchased a unit on eBay to confirm it works exactly like that. And it sure does.”
InsideEVs contacted Tesla in an attempt to determine how the company ensures that customer data is protected when removing ICE computers from vehicles. Tesla did not comment, but one source stated that technicians were told to throw the replaced computers away or damage them before trashing them.
Green commented: “I also heard a prerequisite to throwing the unit into a dumpster is to hit it with a hammer a few times. This obviously does not destroy any data and I did see these units for sale too – at even lower prices, at times as little as $10 if you get a box full of them. Obviously, undamaged units sell for more, so I guess there’s an incentive to not hit them with any hammers.”
Read the full report at InsideEVs here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com
COMMENTS
Please let us know if you're having issues with commenting.