Skip to main content

Hacker buys old Tesla parts on eBay, finds them full of user data

posted onMay 6, 2020
by l33tdawg
Arstechnica
Credit: Arstechnica

Tesla infotainment systems are a marvel to behold. Among other things, they display Netflix or YouTube videos, run Spotify, connect to Wi-Fi, and of course store phone numbers of contacts. But those benefits require storing heaps of personal information that an amateur researcher found can reveal owners’ most sensitive data.

The researcher, who described himself as a “Tesla tinkerer that's curious about how things work,” recently gained access to 13 Tesla MCUs—short for media control units—that were removed from electric vehicles during repairs and refurbishments. Each one of the devices stored a trove of sensitive information despite being retired. Examples included phone books from connected cell phones, call logs containing hundreds of entries, recent calendar entries, Spotify and W-Fi passwords stored in plaintext, locations for home, work, and all places navigated to, and session cookies that allowed access to Netflix and YouTube (and attached Gmail accounts).

All 13 of the devices showed that their last location was at a Tesla service center, an indication that they were removed by an authorized Tesla technician. Tesla service stations remove MCUs for several reasons. Most commonly, it’s to replace a faulty device or to upgrade to a newer, more advanced device model that improves the vehicle's autopilot.

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th