SoylentNews is people

posted by martyb on Thursday May 07 2020, @12:32AM
from the if-you've-done-nothing-wrong...? dept.

Hacker buys old Tesla parts on eBay, finds them full of user data:

Tesla infotainment systems are a marvel to behold. Among other things, they display Netflix or YouTube videos, run Spotify, connect to Wi-Fi, and of course store phone numbers of contacts. But those benefits require storing heaps of personal information that an amateur researcher found can reveal owners' most sensitive data.

The researcher, who described himself as a "Tesla tinkerer that's curious about how things work," recently gained access to 13 Tesla MCUs—short for media control units—that were removed from electric vehicles during repairs and refurbishments. Each one of the devices stored a trove of sensitive information despite being retired. Examples included phone books from connected cell phones, call logs containing hundreds of entries, recent calendar entries, Spotify and Wi-Fi passwords stored in plaintext, locations for home, work, and all places navigated to, and session cookies that allowed access to Netflix and YouTube (and attached Gmail accounts).

[...] The researcher, who goes by the handle greentheonly, told me he obtained 12 of the units off of eBay from pages like this one. He got the other one from a friend. Based on conversations he's had, he believes Tesla official procedure calls for removed MCUs to be sent intact back to Tesla and for damaged units to be hammered down to ensure that connectors are sufficiently damaged and then thrown into the trash.

[...] The moral of these stories is that it's up to individuals to perform factory resets when selling a car, returning a rental vehicle, or having an infotainment system serviced. Even then, there's no guarantee that previously stored data can't be recovered. The researcher said the Tesla MCUs keep information in a SQLite database that isn't deleted until the hard drive blocks that store it are overwritten by new data. While a factory reset may not be foolproof, it's likely to make the recovery process difficult and time-consuming enough to provide a meaningful, if imperfect, defense. When possible, the truly security conscious should destroy the units.
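
The SQLite behaviour mentioned in the summary above can be checked at the database-file level. This is an added example, not code from the article or the researcher: the table, column names and marker value are constructed, and `PRAGMA secure_delete` and `VACUUM` are standard SQLite features, not something the article says the MCU uses.

```python
import os
import sqlite3
import tempfile

# Constructed sample secret; not real data.
MARKER = b"CONSTRUCTED-WIFI-PSK-0042"


def residue_after_delete(secure_delete: bool, vacuum: bool = False) -> bool:
    """Delete a row, then report whether its bytes are still in the .db file."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        con = sqlite3.connect(path, isolation_level=None)  # autocommit mode
        # Set explicitly: the compiled-in default differs between SQLite builds.
        con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        con.execute("CREATE TABLE settings (name TEXT, value TEXT)")
        rows = [(f"option{i}", f"value{i}") for i in range(20)]
        rows.insert(10, ("wifi_psk", "psk=" + MARKER.decode()))
        con.executemany("INSERT INTO settings VALUES (?, ?)", rows)

        con.execute("DELETE FROM settings WHERE name = 'wifi_psk'")
        # From SQL's point of view the row is gone in every case.
        gone = con.execute(
            "SELECT count(*) FROM settings WHERE name = 'wifi_psk'"
        ).fetchone()[0]
        if gone != 0:
            raise RuntimeError("row was not deleted")

        if vacuum:
            con.execute("VACUUM")  # rebuilds the file from live rows only
        con.close()

        # Scan the raw file the way a disk-image search would.
        with open(path, "rb") as f:
            return MARKER in f.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("plain DELETE leaves bytes:", residue_after_delete(False))
    print("secure_delete=ON leaves bytes:", residue_after_delete(True))
    print("DELETE + VACUUM leaves bytes:", residue_after_delete(False, vacuum=True))
```

Both mitigations act only on the database file itself. Storage blocks that the filesystem or flash controller has already released keep their old contents until they are overwritten, which is the case the article describes.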

  • (Score: 1, Insightful) by Anonymous Coward on Thursday May 07 2020, @03:31AM (#991235)

    1% is a much bigger club than the analogy is meant for. It just doesn't have the same metaphorical power saying the .1% club.

    Don't try and make metaphors match reality 110%.
