Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday April 02 2019, @04:49PM   Printer-friendly
from the is-it-digitally-signed? dept.

Submitted via IRC for chromas

Junked Teslas still held unencrypted video recordings

An experiment conducted by white hat hackers and reported by CNBC show that Tesla vehicles store more information than you might think -- and they even keep your data unencrypted. It's normal for cars to keep some information from the cellphones you pair with them via Bluetooth, such as contact numbers. But a Tesla computer can also store videos, locations and navigational data, since the company's vehicles have built-in dashcams, data recorders and other features meant to gather information. In the event of a crash, the video could even include exactly what happened leading to the accident.

One of the researchers who uses the pseudonym GreenTheOnly told CNBC that he managed to extract all sorts of data from salvaged Model X, Model S and Model 3 cars in the past. To take a closer look at what Tesla computers can reveal, he teamed up with another white hat hacker named Theo and purchased a totaled Model 3 late last year for research purposes.

The result? They found unencrypted information from at least 17 different devices, including the number of times they were paired to the vehicle, as well as 11 phonebooks' worth of contact information. The researchers also found calendar entries with descriptions of planned appointments, along with the e-mail addresses of those invited. In addition, they unearthed the 73 last locations (and navigation information) the car went to and even successfully extracted the video of the crash itself.

The fact that the automaker doesn't automatically delete such information could be a double-edged sword. Yes, it could be helpful for investigators, but someone with the technical knowledge can hack into a salvaged or a reconditioned Tesla's computer and extract data. They don't even have to worry about having to break any kind of encryption.

[...] The Chief Security Officer at BugCrowd, which manages Tesla's bug bounty program, explained to the publication that the company can't just wipe cars automatically. There "could be a forensic need to contain and retain the data," he said. "But I would think that what they will want to work on is a way to have all that stored data encrypted, as it would be on your cell phone," he added.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by DannyB on Tuesday April 02 2019, @05:48PM (1 child)

    by DannyB (5839) Subscriber Badge on Tuesday April 02 2019, @05:48PM (#823703) Journal

    They can't talk about it because they are working on a solution.

    Automatically detect when the car has been junked or salvaged.

    . . . by adding even more surveillance to it.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by TheGratefulNet on Wednesday April 03 2019, @02:45AM

    by TheGratefulNet (659) on Wednesday April 03 2019, @02:45AM (#823922)

    shit, all they have to do is encrypt the data while its 'at rest'.

    I can't believe they've been around, what, 10 years and they have not done this YET?

    wow.

    (ob disc: I work at another e-car company, much younger and we ARE encrypting data; taking this very seriously, too).

    --
    "It is now safe to switch off your computer."