Tesla Model 3 hack shows new cars can snitch on owners after a wreck

Two security researchers and self-described "white hat hackers" found a treasure trove of location, camera and other unencrypted data in a destroyed Tesla Model 3, according to a new report from CNBC . And while it's not a problem with Tesla alone, the example serves as a clear reminder that newer cars can become a security risk for previous owners, regardless of whether they are sold or destroyed.

The two researchers say they bought a total Model 3 at the end of 2018. When they accessed the car's computer, they found unencrypted data from "at least 17 different devices," according to the report. (The car was owned by a construction company and, presumably, was used by several employees). That included 11 telephone directories of drivers or passengers, with numbers, email addresses and calendar entries intact. The researchers also gained access to the last 73 locations that had been connected to the car's navigation system.

In addition, the car's computer still contained images of one of the seven cameras of Model 3. This included the front view of the accident that totaled the car, as well as a clip from a previous crash that was less serious.

One of the researchers told CNBC that he also found similar data from other Tesla vehicles, including a Tesla Model S, a Model X and two other Models 3. "Given how technically sophisticated Teslas are, I am surprised a lot of knowing that they would handle the data so carelessly, "said Ashkan Soltani, security researcher and former chief technologist at the FTC, in an email to The Verge .

In a statement, Tesla said it offers customers the option to delete personal data through a factory reset on the vehicle. The company says it is "always committed to finding and improving the right balance between the technical needs of vehicles and the privacy of our customers."

Newer vehicles can store a ton of personal and vehicle data. Tesla cars tend to collect and store more vehicle data because they are equipped with more sensors, but the problem of data retention is widespread. Last May, a former owner of Volkswagen told The Verge that, for example, he could still access the location of the Jetta he sold months after the transaction.

As CNBC points out, the retention of personal data is a problem that is more easily associated with rental cars. The Federal Trade Commission has repeatedly reminded consumers to be careful with their information when renting. But as cars are equipped with more sensors and computers, those that have been sold or crashed now contain much more granular information about an owner than is generated in a few days in a rental.

The problem with all this "data wastage" is that some manufacturers transfer the privacy burden to consumers. The owner of Jetta, for example, did not know that Volkswagen attributes the responsibility to the customer to erase their data before selling their car, even if it is being sold to a dealer. Therefore, new car buyers should start treating vehicles as they would with a smartphone and be sure to erase any information before selling it to anyone.

"I believe automakers should be taking steps to ensure that information is not available for unauthorized access (secondary owners or used car dealers, for example)," Soltani writes. "Location and contacts are incredibly personal and sensitive, [and] I think it's problematic to leave that information out there, especially since, unlike mobile phones, cars generally remain in circulation for decades."

Even if they behave perfectly, car owners do not always necessarily have control over the situation. In an accident like the one reported by CNBC, the last thing an owner will probably think about after crashing into a tree is that they need to restore their factory car. And depending on the severity of the crash, the car's screen may not even work, which makes it impossible to do so without additional hardware.

So, as the cars continue to collect more and more data, everyone, from the companies that make them, to the people who buy them, the regulators who oversee the evolving market, should think a bit more about how to make sure that Data does not end up in the wrong hands.

Please Note: This content is provided and hosted by a 3rd party server. Sometimes these servers may include advertisements. igetintopc.com does not host or upload this material and is not responsible for the content.