Teslas keep troves of drivers' personal data, even after they're scrapped – or resold

30 Mar, 2019 04:27 / Updated 4 years ago

A Tesla car hacker has discovered that the vehicles’ onboard computers don’t wipe owners’ personal data, which is stored unencrypted, when a crashed vehicle is junked.

Reconditioned Teslas carry traces of their former owners, from personally identifying contact information to footage captured by the vehicles’ multiple onboard cameras, according to GreenTheOnly, a pseudonymous “white hat” hacker and Tesla owner who revealed the extent of Tesla's data-hoarding to CNBC.

Also on rt.com Tesla U-turn: Electric carmaker to raise prices on all models & scale back on store closures

The hacker claims he managed to extract this data, and says none of it was encrypted.

When a Tesla is sent to the junkyard, it takes with it the owner’s GPS and navigational data, phone address books, call records, and even videos of the incidents the car had been involved in. The dashcams, including a driver-facing selfie camera (currently Tesla model 3 only), can record even when the car is parked – and there is “no way” for the driver to know for sure when they are doing so, GreenTheOnly said.

If the car is salvageable, it’s reconditioned and put on the used car lot – without wiping the onboard computer, leaving the previous owner vulnerable to bad actors, according to an employee of Manaheim auctions speaking to CNBC.

GreenTheOnly and fellow hacker Theo bought a wrecked Tesla Model 3 to test their hypothesis and were able to access details of the vehicle’s previous owner, as well as data from 17 different devices used by individuals who had driven it – including “11 phonebooks’ worth of contact information” and 73 navigation destinations – and the video of the car’s last fateful hours before it plowed into a tree.

Tesla says it provides features for the owners to safeguard their data, “including a factory reset option for deleting personal data and restoring customized settings to factory defaults, and a Valet Mode for hiding personal data (among other functions) when giving their keys to a valet.” It is also possible to opt out of all data harvesting, GreenTheOnly has said, but by doing that, you also opt out of quality-of-life features like real-time onboard software updates – so most users take the trade-off.

Also on rt.com Tesla’s autopilot system not safe & may even increase risk of crashes – investigative report

Users who want to know what their cars are up to face an uphill battle, from the $995 price tag on the proprietary cables needed to get data out of the "event data recorders" onboard to actual courtroom face-offs when it looks like the car might have been at fault in a crash. While Tesla pays "bug bounties" to drivers who find flaws in its systems, it also flags drivers who attempt to modify their own vehicles' systems so that they don't receive software updates right away.

Editor’s note: The story has been amended to better reflect the researchers’ statements.

If you like this story, share it with a friend!