Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday April 02 2019, @04:49PM   Printer-friendly
from the is-it-digitally-signed? dept.

Submitted via IRC for chromas

Junked Teslas still held unencrypted video recordings

An experiment conducted by white hat hackers and reported by CNBC show that Tesla vehicles store more information than you might think -- and they even keep your data unencrypted. It's normal for cars to keep some information from the cellphones you pair with them via Bluetooth, such as contact numbers. But a Tesla computer can also store videos, locations and navigational data, since the company's vehicles have built-in dashcams, data recorders and other features meant to gather information. In the event of a crash, the video could even include exactly what happened leading to the accident.

One of the researchers who uses the pseudonym GreenTheOnly told CNBC that he managed to extract all sorts of data from salvaged Model X, Model S and Model 3 cars in the past. To take a closer look at what Tesla computers can reveal, he teamed up with another white hat hacker named Theo and purchased a totaled Model 3 late last year for research purposes.

The result? They found unencrypted information from at least 17 different devices, including the number of times they were paired to the vehicle, as well as 11 phonebooks' worth of contact information. The researchers also found calendar entries with descriptions of planned appointments, along with the e-mail addresses of those invited. In addition, they unearthed the 73 last locations (and navigation information) the car went to and even successfully extracted the video of the crash itself.

The fact that the automaker doesn't automatically delete such information could be a double-edged sword. Yes, it could be helpful for investigators, but someone with the technical knowledge can hack into a salvaged or a reconditioned Tesla's computer and extract data. They don't even have to worry about having to break any kind of encryption.

[...] The Chief Security Officer at BugCrowd, which manages Tesla's bug bounty program, explained to the publication that the company can't just wipe cars automatically. There "could be a forensic need to contain and retain the data," he said. "But I would think that what they will want to work on is a way to have all that stored data encrypted, as it would be on your cell phone," he added.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 0) by Anonymous Coward on Tuesday April 02 2019, @05:00PM (2 children)

    by Anonymous Coward on Tuesday April 02 2019, @05:00PM (#823682)

    Nice blame dodge, MuskRat

    No one inside of T would talk about it?

    • (Score: 2) by DannyB on Tuesday April 02 2019, @05:48PM (1 child)

      by DannyB (5839) Subscriber Badge on Tuesday April 02 2019, @05:48PM (#823703) Journal

      They can't talk about it because they are working on a solution.

      Automatically detect when the car has been junked or salvaged.

      . . . by adding even more surveillance to it.

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 2) by TheGratefulNet on Wednesday April 03 2019, @02:45AM

        by TheGratefulNet (659) on Wednesday April 03 2019, @02:45AM (#823922)

        shit, all they have to do is encrypt the data while its 'at rest'.

        I can't believe they've been around, what, 10 years and they have not done this YET?

        wow.

        (ob disc: I work at another e-car company, much younger and we ARE encrypting data; taking this very seriously, too).

        --
        "It is now safe to switch off your computer."
  • (Score: 3, Funny) by DannyB on Tuesday April 02 2019, @05:46PM

    by DannyB (5839) Subscriber Badge on Tuesday April 02 2019, @05:46PM (#823702) Journal

    Won't that increase their salvage value?

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
  • (Score: 2, Insightful) by realDonaldTrump on Tuesday April 02 2019, @05:59PM (1 child)

    by realDonaldTrump (6614) on Tuesday April 02 2019, @05:59PM (#823714) Homepage Journal

    This is what our Law Enforcement guys need. We call it RESPONSIBLE ENCRYPTION!!!!

    • (Score: 4, Funny) by bob_super on Tuesday April 02 2019, @06:26PM

      by bob_super (1357) on Tuesday April 02 2019, @06:26PM (#823730)

      They had tried to put in triple-ROT13, but got complaints from the cops.

  • (Score: 2) by AssCork on Tuesday April 02 2019, @06:26PM (2 children)

    by AssCork (6255) on Tuesday April 02 2019, @06:26PM (#823729) Journal

    This sounds a lot like a plot device to a Neil Stephenson short-story or something equally sci-fi.

    --
    Just popped-out of a tight spot. Came out mostly clean, too.
    • (Score: 0) by Anonymous Coward on Tuesday April 02 2019, @06:44PM

      by Anonymous Coward on Tuesday April 02 2019, @06:44PM (#823739)

      Reminds me to read Unwind.

    • (Score: 2) by FatPhil on Tuesday April 02 2019, @11:06PM

      by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Tuesday April 02 2019, @11:06PM (#823846) Homepage
      Yeah, but just rewind it to pre-tech eras:

      Landfills contain kleenexes with Jeffreh Dahmer's DNA.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
  • (Score: 2, Insightful) by Anonymous Coward on Tuesday April 02 2019, @07:24PM

    by Anonymous Coward on Tuesday April 02 2019, @07:24PM (#823747)

    Imagine you have a person who wants to be your friend, and asks probing questions about your eating habits, how much money you have, if you smoke or do drugs, any medications you may be using, records your conversations with him, videotapes you and your visitors by waiting outside your home. Do you still think that person can be a friend?

    If you were to see the databases of some of the internet companies you may be using, and seeing how much data they record about you, you'd never use them again.

    The system is not your friend. The system was compromised and infiltrated ages ago by the enemy.

  • (Score: 3, Insightful) by exaeta on Tuesday April 02 2019, @07:41PM

    by exaeta (6957) on Tuesday April 02 2019, @07:41PM (#823755) Homepage Journal
    You can't both store the data and encrypt it (unless using asymmetric encryption to Tesla, which is kind of evil!). Also, selling devices designed to incriminate the user is kind of, Orwellian? Will not buy one of these pieces of crap.
    --
    The Government is a Bird
  • (Score: 1) by anubi on Wednesday April 03 2019, @04:16AM

    by anubi (2828) on Wednesday April 03 2019, @04:16AM (#823962) Journal

    Why not store user data on removable storage such as TF cards?

    That way, the user can simply remove and replace them should he want to sell his car. Even WalMart had TF cards.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 3, Interesting) by urza9814 on Wednesday April 03 2019, @02:45PM

    by urza9814 (3954) on Wednesday April 03 2019, @02:45PM (#824096) Journal

    I've noticed this the last couple times I had a rental car. Flip though the dash and you'll find a list of previous customers who rented that vehicle -- "Sarah Johnson's iPhone" or "Sam Smith's Android". Kinda surprising how many people apparently use their full name in their device's name. Maybe that's a configuration default these days. With the number of computers in these cars, I wouldn't be surprised if someone with the right hardware could correlate logs between the navigation system and the bluetooth receiver, for example...and that's only going to get worse.

    I wouldn't put any of my own info or connect any of my own devices to a car like that...but I also like to flip the settings where I can before I return them. I figure they're more likely to do a factory reset if they find the entire car has been flipped to metric when they get it back, as that's probably easier than actually going through all the settings...and my hope is that the factory reset will wipe whatever information is left in there. In some cases I could wipe it myself...but IMO that ought to be part of their standard procedure, so I'd rather provide some encouragement for them to make that change...

(1)