Experts Insight On Tesla Data Leak: Old Components Containing Personal Info End Up On eBay

Tesla’s retrofitting service for media control units (MCU) and Autopilot hardware may not go far enough in protecting owners’ personal data. That’s according to white hat hacker GreenTheOnly, whom obtained four units of these Tesla computers off eBay and found the previous owners’ personal data still on them. Even more worryingly, though, Tesla have failed to notify customers that might be affected.

Experts Comments

May 05, 2020
Mark Bower
Senior Vice President
comforte AG
Tesla always push boundaries of driverless technology, so it’s quite unexpected to hear of data leakage of personal data from automotive components like this, especially those at the edge of powerful online network systems that drive modern intelligent vehicles. The question on my mind is, could Tesla avoid personal data storage like this using modern data-centric security technology? Very probably. There are new data security methods that are ideal for dynamic edge telemetry systems and.....Read More
Tesla always push boundaries of driverless technology, so it’s quite unexpected to hear of data leakage of personal data from automotive components like this, especially those at the edge of powerful online network systems that drive modern intelligent vehicles. The question on my mind is, could Tesla avoid personal data storage like this using modern data-centric security technology? Very probably. There are new data security methods that are ideal for dynamic edge telemetry systems and online analytic platforms to avoid retention of personal data while still enabling full customer experience, engagement, and even machine learning analytics without live data leakage risks. That would take care of both the disposal and recycling of parts, but also a myriad of security and privacy compliance issues and data breach risks for them.  Read Less
May 05, 2020
Tim Mackey
Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
Synopsys
Businesses and consumers need to recognize that, just like with laptops, any piece of software is capable of collecting personal data. The more sophisticated and connected the device, the greater the potential for it to contain logs and settings which could place the consumer at risk when the device is resold or recycled. With cars becoming ever more connected and offering increasing information to drivers and passengers, manufacturers like Tesla, dealer networks supporting any manufacturer and .....Read More
Businesses and consumers need to recognize that, just like with laptops, any piece of software is capable of collecting personal data. The more sophisticated and connected the device, the greater the potential for it to contain logs and settings which could place the consumer at risk when the device is resold or recycled. With cars becoming ever more connected and offering increasing information to drivers and passengers, manufacturers like Tesla, dealer networks supporting any manufacturer and neighbourhood mechanics are in a position to access the personal information stored within the multitude of computers within a modern vehicle. Limiting this access, and taking care to ensure stored data is deleted during computer replacement should be a high priority for the automotive industry as we move closer to a world where connected cars are the norm.  Read Less
May 05, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
Second-hand electronics can be a treasure trove of information for criminals. If organisations do not adequately wipe previous information, any information stored relating to previous owners or organisations can be viewed, resulting in a security and privacy breach. It's therefore essential that organisations which provide devices have mechanisms that allow users to easily and securely erase all data contained prior to returning or selling it.
May 05, 2020
Paul Bischoff
Privacy Advocate
Comparitech
Tesla seems to have an operational security issue at its service centres that allow its computers to be resold without wiping the previous owners data. The service centres are either not destroying them well enough to make data unrecoverable, or technicians are selling the old computers to make a profit, or both. If you plan on upgrading the computer in your Tesla, be sure to use the factory reset option to wipe all of the data beforehand.
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.