SoylentNews is people
SoylentNews
Submitted via IRC for chromas
Junked Teslas still held unencrypted video recordings
An experiment conducted by white hat hackers and reported by CNBC show that Tesla vehicles store more information than you might think -- and they even keep your data unencrypted. It's normal for cars to keep some information from the cellphones you pair with them via Bluetooth, such as contact numbers. But a Tesla computer can also store videos, locations and navigational data, since the company's vehicles have built-in dashcams, data recorders and other features meant to gather information. In the event of a crash, the video could even include exactly what happened leading to the accident.
One of the researchers who uses the pseudonym GreenTheOnly told CNBC that he managed to extract all sorts of data from salvaged Model X, Model S and Model 3 cars in the past. To take a closer look at what Tesla computers can reveal, he teamed up with another white hat hacker named Theo and purchased a totaled Model 3 late last year for research purposes.
The result? They found unencrypted information from at least 17 different devices, including the number of times they were paired to the vehicle, as well as 11 phonebooks' worth of contact information. The researchers also found calendar entries with descriptions of planned appointments, along with the e-mail addresses of those invited. In addition, they unearthed the 73 last locations (and navigation information) the car went to and even successfully extracted the video of the crash itself.
The fact that the automaker doesn't automatically delete such information could be a double-edged sword. Yes, it could be helpful for investigators, but someone with the technical knowledge can hack into a salvaged or a reconditioned Tesla's computer and extract data. They don't even have to worry about having to break any kind of encryption.
[...] The Chief Security Officer at BugCrowd, which manages Tesla's bug bounty program, explained to the publication that the company can't just wipe cars automatically. There "could be a forensic need to contain and retain the data," he said. "But I would think that what they will want to work on is a way to have all that stored data encrypted, as it would be on your cell phone," he added.
(Score: 3, Interesting) by urza9814 on Wednesday April 03 2019, @02:45PM
I've noticed this the last couple times I had a rental car. Flip though the dash and you'll find a list of previous customers who rented that vehicle -- "Sarah Johnson's iPhone" or "Sam Smith's Android". Kinda surprising how many people apparently use their full name in their device's name. Maybe that's a configuration default these days. With the number of computers in these cars, I wouldn't be surprised if someone with the right hardware could correlate logs between the navigation system and the bluetooth receiver, for example...and that's only going to get worse.
I wouldn't put any of my own info or connect any of my own devices to a car like that...but I also like to flip the settings where I can before I return them. I figure they're more likely to do a factory reset if they find the entire car has been flipped to metric when they get it back, as that's probably easier than actually going through all the settings...and my hope is that the factory reset will wipe whatever information is left in there. In some cases I could wipe it myself...but IMO that ought to be part of their standard procedure, so I'd rather provide some encouragement for them to make that change...