Tesla discarded on-board computers without deleting customer personal data

A hacker discovered that computers replaced by Tesla technical centers were regularly found on the market and that they still contained the personal data of their former owners.

Model 3 infotainment screen

A strange and disappointing discovery was made by the hacker @greentheonly. At the forefront of Tesla innovations, he was the first to show the detection of traffic lights, to mention the position of the cheetah for faster acceleration on Model S and X or to determine what the camera sees in the passenger compartment of Model 3.

Netflix, addresses, phone numbers, and even accounts are accessible

Today, it is a problem of privacy that he is tackling. He sought to find out what information was stored on the on-board computers which are surprisingly being sold on eBay. These being largely useless since it is almost impossible to replace it by yourself, their price dropped enormously which made the investigation possible.

So he bought 4 units, including one broken, to try to read the content. He was surprise to find that he was able to find a lot of personal information such as the address of the former owner’s home and workplace and even phone numbers and Netflix session cookie which in theory would take control of the account.

A procedure which should include the systematic erasure of data

He contacted Tesla and InsideEVs. If the first did not respond, our colleagues decided to continue the investigation by trying to retrace the scenario of the events. Each of these 4 owners has had to replace their on-board computer in order to take advantage of the latest innovations in the Autopilot. They went to a Tesla technical center to have the operation carried out, but had no idea that their old equipment had ended up on eBay.

There are 2 possibilities: either a person recovered the computers in the garbage can in the garage, or one of the employees sold the devices online to make some pocket money. It would seem that the procedure is to destroy them with a hammer before throwing them, hence the damaged one. However, this does not guarantee the disappearance of the data. InsideEVs has contacted the manufacturer to find out the procedure in place and what it intends to do to protect the privacy of its customers in the future. The manufacturer has not yet responded.

Contact the author: adriangonzalez@wheelsjoint.com

Inline Feedbacks
View all comments