A Tesla enthusiast hacker has discovered Tesla’s onboard computers keep more data than they let on, and proved that data isn’t wiped when a crashed car gets junked – or even when it’s reconditioned and resold.
Reconditioned Teslas carry the traces of their former owners, from personally identifying contact information to hours of footage of the driver staring blankly ahead as they navigate the road, according to “GreenTheOnly,” a pseudonymous “white-hat” hacker and Tesla owner who revealed the extent of Tesla’s data-hoarding to CNBC. None of that data is encrypted.
When a Tesla is sent to the junkyard, it takes with it the owner’s GPS and navigational data, phone address books, call records, and hours and hours of footage from two constantly-running dash-cams, one oriented toward the road and the other pointed at the driver. These can record even when the car is parked – and the driver isn’t made aware that they are doing so, GreenTheOnly said. If the car is salvageable, it’s reconditioned and put on the used car lot – without wiping the onboard computer, leaving the previous owner vulnerable to bad actors.
GreenTheOnly and fellow hacker Theo bought a wrecked Tesla Model 3 to test their hypothesis and were able to surface the vehicle’s previous owner, as well as data from 17 different devices used by individuals who had driven it – including “11 phonebooks’ worth of contact information” and 73 navigation destinations – and the video of the car’s last fateful hours before it plowed into a tree.
Users who want to know what their cars are up to face an uphill battle, from the $995 price tag on the proprietary cables needed to get data out of the “event data recorders” onboard to actual courtroom face-offs when it looks like the car might have been at fault in a crash. While Tesla pays “bug bounties” to drivers who find flaws in its systems, it also flags drivers who attempt to modify their own vehicles’ systems so that they don’t receive software updates right away.
GreenTheOnly accused Tesla of profiting off open-source software earlier this year – ironic, given how zealously the company guards its code, and how lackadaisically they fail to guard drivers’ personal information.
If you like this story, share it with a friend!