It would be fairly obvious to assume that when you move on from your Tesla to another model, or upgrade to a new infotainment system, that Tesla would wipe out your personal information from your media unit, right?
Well, that is where we were potentially wrong, because it seems that Tesla isn’t going all the way to keep customers’ data secure. The Elon Musk-led electric vehicle maker is reportedly not deleting the previous owners information, posing a massive security risk. A new report from InsideEVs reveals that Tesla is allegedly not erasing information and data of old infotainment system owners, which are now finding their way to eBay and other online sites.
A white hat hacker, GreenTheOnly, purchased 4 MCUs (not the marvel abbreviation, this abbreviation refers to Media Control Unit) from ebay, only to find that all of these units contained information of its previous owner.
every time a model3 wakes up – a screenshot of the display is captured and stored on EMMC. I guess this was some sort of powermanagement debugging thingie that somebody forgot to disable? MCU2 does not do that.
Last 50 such snapshots are stored. We'll see what else I find. pic.twitter.com/LvCpocJ58k
— green (@greentheonly) May 3, 2020
These instruments held sensitive information like location of the former owner’s home and work, phonebook records, call logs, calendar entries, passwords of premium applications such as Spotify, saved passwords of Netflix and Gmail and other session stored cookies.
This basically means that Tesla is passing out hardware instruments, without deleting the previous owners details, and this is frankly very shocking.
GreenTheOnly went on to contact the former owners of these media units, and as you have it, they indeed did own it, and they had upgraded from the former media unit to an upgraded infotainment system.
From the media units that Green had managed to get access to, some of them were from a Model 3, and one system belonged to a Model X. The system from the Model X had been crushed, making one believe that it would not be capable of holding information, but in spite of its crushed state, it still held information.
Furthermore, Green went on to contact Tesla about the method used to to scrap old media units, but Tesla has not returned back to Green with any answer. Certain sources suggest that, the Tesla technicians would hit the infotainment system with a hammer, and that was it. Even a layman like me knows that at most this would damage the display of the system, without doing much to the information that it holds.
Naturally the owners would feel disturbed due to this, and a few of them have gone on to say that Tesla needs to be held accountable for this breach, and I couldn’t agree more with them. An owner of a car lays their entire trust into the car, and for the trust to be failed like this, it is incredibly disappointing. However, we hope Tesla reads into this situation, and rectifies it immediately.
Tesla is not the first brand to compromise their users data, as last month British consumer advice magazine reported that the infotainment systems of Ford and Volkswagen had suffered a very similar security risk.
The moral of the lesson is, before you upgrade to a new car, or media unit, perform a factory reset on your infotainment system by yourself, to make sure nobody knows about the movies you watch on Netflix, or other sensitive information.
This story has been republished from our partner publication, CarThrust. Except the headline, none of the content in this post has been changed.