Junked Teslas still held unencrypted video footage

One of the researchers using the pseudonym GreenTheOnly told CNBC that he was able to extract all kinds of data from famous model X, model S and model 3 cars earlier. To look at what Tesla computers can reveal, he took along with another white hacker hacker called Theo and bought a total of 3 models at the end of last year for research purposes.

The result? They found unencrypted information from at least 1[ads1]7 different devices, including the number of times they were connected to the vehicle, and 11 phone boxes to contact information. The researchers also found calendar entries with descriptions of scheduled appointments, along with the email addresses of the invitees. In addition, they discovered the last 73 sites (and the navigation information) the car even went through the video of the crash itself.

The fact that the automaker does not automatically delete this information can be a double edge sword. Yes, it can be useful for investigators, but anyone with technical knowledge can hack into a farmed or reconstructed Tesla computer and extract data. They don't even have to worry about having to break any kind of encryption.

A Tesla spokesperson told CNBC:

"Tesla already offers options that customers can use to protect personal information stored on the car, including a factory reset option to delete personal data and restore custom settings to factory settings and one operating mode to hide personal data (among other features) when giving the keys to an officer, it is said that we are always committed to finding and improving the right balance between technical needs and privacy of our customers. "

These options however, cannot be enough. A former employee from at least one car dealer company that Tesla uses to recondition used cars admitted that they do not factory reset the vehicles they sell. And as the researchers showed, it's possible to extract information from cars that go to the junkyard after a crash. If owners try to modify the car's software on their own, they risk getting software updates much later than everyone else. Apparently, the company flags owners as hackers if they change or analyze the car's system.

The Chief Security Officer of BugCrowd, who manages Tesla's bug bounty program, explained to the publication that the company cannot only dry cars automatically. It "may be a forensic need to contain and retain the data," he said. "But I think that what they want to work with is a way of having all the stored data encrypted, as it would be on your mobile," he added.

Source link

Back to top button