Experts Insight On Tesla Data Leak: Old Components Containing Personal Info End Up On eBay

Tesla’s retrofitting service for media control units (MCU) and Autopilot hardware may not go far enough in protecting owners’ personal data. That’s according to white hat hacker GreenTheOnly, whom obtained four units of these Tesla computers off eBay and found the previous owners’ personal data still on them. Even more worryingly, though, Tesla have failed to notify customers that might be affected.

Subscribe
Notify of
guest
4 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Tim Mackey
Tim Mackey , Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
InfoSec Expert
May 5, 2020 2:38 pm

Businesses and consumers need to recognize that, just like with laptops, any piece of software is capable of collecting personal data. The more sophisticated and connected the device, the greater the potential for it to contain logs and settings which could place the consumer at risk when the device is resold or recycled. With cars becoming ever more connected and offering increasing information to drivers and passengers, manufacturers like Tesla, dealer networks supporting any manufacturer and neighbourhood mechanics are in a position to access the personal information stored within the multitude of computers within a modern vehicle. Limiting this access, and taking care to ensure stored data is deleted during computer replacement should be a high priority for the automotive industry as we move closer to a world where connected cars are the norm.

Last edited 2 years ago by Tim Mackey
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
May 5, 2020 2:35 pm

Second-hand electronics can be a treasure trove of information for criminals. If organisations do not adequately wipe previous information, any information stored relating to previous owners or organisations can be viewed, resulting in a security and privacy breach. It\’s therefore essential that organisations which provide devices have mechanisms that allow users to easily and securely erase all data contained prior to returning or selling it.

Last edited 2 years ago by Javvad Malik
Mark Bower
Mark Bower , Senior Vice President
InfoSec Expert
May 5, 2020 2:34 pm

Tesla always push boundaries of driverless technology, so it’s quite unexpected to hear of data leakage of personal data from automotive components like this, especially those at the edge of powerful online network systems that drive modern intelligent vehicles. The question on my mind is, could Tesla avoid personal data storage like this using modern data-centric security technology? Very probably. There are new data security methods that are ideal for dynamic edge telemetry systems and online analytic platforms to avoid retention of personal data while still enabling full customer experience, engagement, and even machine learning analytics without live data leakage risks. That would take care of both the disposal and recycling of parts, but also a myriad of security and privacy compliance issues and data breach risks for them.

Last edited 2 years ago by Mark Bower
Paul Bischoff
Paul Bischoff , Privacy Advocate
InfoSec Expert
May 5, 2020 2:32 pm

Tesla seems to have an operational security issue at its service centres that allow its computers to be resold without wiping the previous owners data. The service centres are either not destroying them well enough to make data unrecoverable, or technicians are selling the old computers to make a profit, or both. If you plan on upgrading the computer in your Tesla, be sure to use the factory reset option to wipe all of the data beforehand.

Last edited 2 years ago by Paul Bischoff
4
0
Would love your thoughts, please comment.x
()
x