Tesla Model 3 hack shows owner's data can be easily extracted from junked Tesla cars
Researchers say they were able to extract unencrypted data about vehicle owners from salvaged Tesla Model X, Model S and Model 3 vehicles
Data stored on Tesla cars is not erased when a car is sold at auction or hauled away from an accident site, according to two white hat hackers who said they were able to extract a trove of personal and unencrypted data from the wreckage of a crashed Tesla Model 3.
Although Tesla is not the only company whose cars pose this risk, the example clearly shows how inclusion of new technology in vehicles can become a big security threat for former owners, regardless of whether those vehicles are wrecked or sold.
According to a report from CNBC, two security researchers, who go by the pseudonyms "GreenTheOnly" and "Theo" were able to extract unencrypted data, including phonebooks, videos, location, calendar and other items, about Tesla owners from the computers in salvaged Tesla Model X, Model S and two Model 3 vehicles.
According to CNBC, "GreenTheOnly" is a Tesla enthusiast, drives a Model X, and has also won tens of thousands of dollars in Tesla bug bounty programmes in recent years.
GreenTheOnly and Theo bought a wrecked Model 3 in 2018 to take a closer look at car ' s computers and to find out what data remains in those computers after a crash.
They were surprised to find that the car ' s systems still had data from "at least 17 different devices." That included information voluntarily stored by car drivers as well as data generated by the vehicle, such as crash footage, navigation and location data, which revealed precisely what happened before a crash.
The analysis further revealed that the vehicle was previously owned by a construction firm and was used by 11 drivers or passengers. The phonebook data extracted from car ' s computer had email addresses, numbers, and calendar entries with details of planned appointments.
In addition, they were also able to obtain information about the last 73 locations stored into the car ' s navigation system.
When CNBC contacted Tesla about this research, a company spokesperson said that the car owners are offered options to protect private data stored on their vehicles.
According to Tesla, there is a factory reset option which can be used to "restore customised settings to factory defaults".
"That said, we are always committed to finding and improving upon the right balance between technical vehicle needs and the privacy of our customers," the spokesperson added.
Delta is a new market intelligence service from Computing to help CIOs and other IT decision makers make smarter purchasing decisions - decisions informed by the knowledge and experience of other CIOs and IT decision makers.
Delta is free from vendor sponsorship or influence of any kind, and is guided by a steering committee of well-known CIOs, such as Charles Ewen, Christina Scott, Steve Capper and Laura Meyer.
Ten crucial technology areas are already covered at launch, with more data appearing and more areas being covered every week. Sign-up here for your free trial of the Computing Delta website.