Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Security Transportation Technology

Tesla Cars Keep More Data Than You Think (cnbc.com) 57

Tesla vehicles sent to the junk yard after a crash carry much more data than you'd think. According to CNBC, citing two security researchers, "Computers on Tesla vehicles keep everything that drivers have voluntarily stored on their cars, plus tons of other information generated by the vehicles including video, location and navigational data showing exactly what happened leading up to a crash." From the report: One researcher, who calls himself GreenTheOnly, describes himself as a "white hat hacker" and a Tesla enthusiast who drives a Model X. He has extracted this kind of data from the computers in a salvaged Tesla Model S, Model X and two Model 3 vehicles, while also making tens of thousands of dollars cashing in on Tesla bug bounties in recent years. Many other cars download and store data from users, particularly information from paired cellphones, such as contact information.

But the researchers' findings highlight how Tesla is full of contradictions on privacy and cybersecurity. On one hand, Tesla holds car-generated data closely, and has fought customers in court to refrain from giving up vehicle data. Owners must purchase $995 cables and download a software kit from Tesla to get limited information out of their cars via "event data recorders" there, should they need this for legal, insurance or other reasons. At the same time, crashed Teslas that are sent to salvage can yield unencrypted and personally revealing data to anyone who takes possession of the car's computer and knows how to extract it. The contrast raises questions about whether Tesla has clearly defined goals for data security, and who its existing rules are meant to protect.
A Tesla spokesperson said in a statement to CNBC: "Tesla already offers options that customers can use to protect personal data stored on their car, including a factory reset option for deleting personal data and restoring customized settings to factory defaults, and a Valet Mode for hiding personal data (among other functions) when giving their keys to a valet. That said, we are always committed to finding and improving upon the right balance between technical vehicle needs and the privacy of our customers."

The report serves as a reminder for Tesla owners to factory reset their cars before handing them off to a junk yard or other reseller because that other party may not reset your car for you. "Tesla sometimes uses an automotive auction company called Manheim to inspect, recondition and sell used cars," reports CNBC. "A former Manheim employee, who asked to remain anonymous, confirmed that employees do not wipe the cars' computers with a factory reset."

The researchers were able to obtain phonebooks "worth of contact information from drivers or passengers who had paired their devices, and calendar entries with descriptions of planned appointments, and e-mail addresses of those invited." The data also showed the drivers' last 73 navigation locations, as well as crash-related information. The Model 3 that one of the researchers bought for research purposes contained a video showing the car speeding out of the right lane into the trees off the left side of a dark two-lane route. "GPS and other vehicle data reveals that the accident happened in Orleans, Massachusetts, on Namequoit Road, at 11:15 pm on Aug 11, and was severe enough that airbags deployed," the report adds.
This discussion has been archived. No new comments can be posted.

Tesla Cars Keep More Data Than You Think

Comments Filter:
  • by joe_frisch ( 1366229 ) on Friday March 29, 2019 @09:14PM (#58356058)

    Same as I assume for all new technology. Motion, video, voice etc. If it has a sensor, I assume its probably being recorded.

    • by apoc.famine ( 621563 ) <apoc...famine@@@gmail...com> on Friday March 29, 2019 @10:35PM (#58356210) Journal

      Right? Fuck the editors who write these headlines, fuck their supervisors who don't fire them, fuck the submitter for including them, and fuck the /. editors for just rubber stamping shit like this.

      No, they don't keep more data than I think. Honestly, I bet they keep less. I expect them to keep everything. Seat position. Temperature profile. Mirror positions. Then between the seat and mirrors they calculate my body size and keep that. And cross-reference the in-car camera that they take pictures of me with, and the seat firmness to gauge my weight. They've got my age and hearing nailed down, since they can cross-reference volume with the rest of my physical stats and get my BMI.

      Eye-gaze tracking plus exterior cameras means they watch what I look at. Know my sexual orientation, what animals I like, and whether or not my eyesight is good enough to read signs. And what stores I visit.

      Seriously, fuck these headlines. No. They don't keep more detail than I think. I'm a paranoid fuck who understands full well how much they have access to and what they could do with it. And they surprisingly seem to keep less and do less. I've spent like 2 decades hoping that /. could get a headline worthy of the audience, but I'm always disappointed.

      "Dumbasses don't factory reset their Teslas, and leave a lot of personal info in them."

      How hard was that?

      • "Dumbasses don't factory reset their Teslas, and leave a lot of personal info in them."

        Maybe they aren't dumb, but just don't care.

        If someone got all the data from my Tesla, the worst they would see is me picking my nose while I drive.

        Why should I care?

        • Add to it that what you think is trivial is a goldmine for others.

          That's why using a standalone gps and only pairing your phone for voice are key actions to consider.

          • Add to it that what you think is trivial is a goldmine for others.

            Why should I care? What bad thing is going to happen to me if "they" know where I buy my groceries?

        • Perhaps they don't even know hat they could/should should delete the data.

        • Never assign to malice what can be explained by stupidity.

          Most people do not realize the amount of data that is recorded about them. I learned the lesson hard in 1997when my college teacher compared emails between students to prove cheating.

          It was then that I realized that my data was out there and freely shared unencrypted

          I was about to sign up for a Facebook account in 2007 when I saw reports of people who "deleted" their account and when they reactivated it 2 years later had all the information still th

      • by AmiMoJo ( 196126 )

        Maybe you assume everything is recorded all the time, but most people don't. For example, they don't assume that their phones are constantly recording video and making it available to Apple/Google/Samsung because even if that wasn't illegal in many places it would destroy the battery.

        Tesla's "solution" to this is also entirely inadequate. You can factory reset the car... as long as it still works. If it gets smashed up or the screen breaks you are screwed.

        This is an important issue as cars are only going to

        • Wow. You either didn't read or didn't understand my post. Since this seems to be hard for you, I'll try again:

          Maybe you assume everything is recorded all the time, but most people don't.

          My expectations are that most /. readers are not "most people", and thus Buzzfeed clickbait headlines designed for "most people" are inappropriate for this audience.

          An article and/or headline making a statement regarding what I think is a lazy and condescending way to write. There is no reason to do it, and no value in communicating like that.

          I expect journalists to be able to write better than tha

          • by dryeo ( 100693 )

            So what you're saying is that since you know the internals of a Tesla car's computer, you assume everyone here is as knowledgeable.
            Personally, if I was that knowledgeable about the subject, I wouldn't have clicked the link.

      • by MachineShedFred ( 621896 ) on Saturday March 30, 2019 @05:57AM (#58356782) Journal

        And why haven't we seen the same story written about BMW / Mercedes / Acura / Jaguar / Audi / Infiniti / etc. - guess what; they all store data on the car too, because we fucking ask the car to do that so the data is accessible to use in the car without having to connect your phone or re-enter it every single time.

        It's kind of designed to do that, and any high-end car with a connectivity and navigation package will keep basically all of this except maybe the video.

        If people don't know to wipe a device that makes use of personal data before handing permanent ownership of it off by now, then they just aren't paying attention.

        And somehow we only hear about it when it's Tesla. You don't think it's a hot piece being placed by vested interests, do you?

      • "Dumbasses don't factory reset their Teslas, and leave a lot of personal info in them."

        How hard was that?

        You do realize that there could be situations where the computer is broken to the point where the owner cannot factory reset them yet they may still be in good enough shape that data can be extracted from the storage media, correct? You should never assume that the end user is able to factory reset. The data should be held encrypted on the device with something like a TPM that protects the encryption keys and requires a recovery key to be used once you remove the device from the car.

  • by Anonymous Coward on Friday March 29, 2019 @09:17PM (#58356070)

    The researchers were able to obtain phonebooks "worth of contact information from drivers or passengers who had paired their devices, and calendar entries with descriptions of planned appointments, and e-mail addresses of those invited."

    Uh, ya pretty much any car from any manufacturer can be datamined like that. I travel a lot for work and rent cars frequently, and almost every time there's a trove of personal information from when a previous customer paired their phone to the rental. Call logs, text messages, phone books, you name it.

    • by Major_Disorder ( 5019363 ) on Friday March 29, 2019 @10:06PM (#58356168)
      Another thin to consider, is that these cars are junked. based on the age, and price of Teslas it is probably safe to assume they were wrecked. In most cases in a car gets scrapped the owner doesn't have a lot of time to clear their personal data off the car. At least where I live, if the car is really FUBAR, the people at the insurance company will collect the personal items from the car and the original owner will never see their former car again.
      • Yep. Mix of not having access to the vehicle, and possibly the vehicle not being functional enough to do this without specialized know-how.

        Also, right after you're in an accident you're probably not in "delete my browser history" mode. More than likely, top priorities are a) Am I and my passengers ok? b) Are the other people/things involved ok? c) Is my car totaled? Do I need to find a repair place or just buy a new one? d) Holy crap, I need to get home, I need a new car to drive now! ....h)Wait....did I le

  • by King_TJ ( 85913 ) on Friday March 29, 2019 @11:12PM (#58356286) Journal

    But agree with the people who say this is a garbage story. I mean, wow .... Users sync their car with their cellphone so it has a copy of their contacts and calendars, but are all surprised that data was still there if their car gets resold or wrecked and they don't erase it first? Ok ....

    And yeah, a whole LOT of cars on the road today have a "black box" in them that keeps a snapshot of the last 10 seconds or so before a crash of exactly what the driver did. It may not have camera video, but info on the car's speed, steering, braking, etc. is sure stored there.

    Anyone actually surprised they can look at data like a previous owner's GPS destinations is simply not even thinking. Especially with big auto auction houses, it's kind of unreasonable to demand THEY factory reset every car that comes in -- or heck, even just every Tesla that comes in. It's not their responsibility to protect someone else's data. It might even make a car worth a lot more money, if it's certifiably a celebrity of some kind who owned it last? People pay a lot for some weird things.

    • It's not their responsibility to protect someone else's data. It might even make a car worth a lot more money,
      It most certainly depends on jurisdiction. I would assume that in Europe, everyone who commercially sells cars/used cars is obliged to "clean" them first from foreign private data.

      It is perhaps a good idea to make sure anyway, before you sell a car (as a vendor) that it is in factory approved conditions?

  • It's a computer. (Score:5, Insightful)

    by Gravis Zero ( 934156 ) on Friday March 29, 2019 @11:13PM (#58356288)

    Cars are computers. Just like any computer, if you don't wipe the data then it will retain the data as it's designed to do. The same is true of PC, HDDs/SSDs, tablets, smartphones, smartTVs, SD cards, USB sticks and really anything else with a FLASH memory.

    The fact that people are surprised by this just shows that far too many people are ignorant of the fact that they are surrounded by computers.

    • Except here you can't easily wipe anything. Even if you wanted to destroy the flash would you know where to physically look? Does it all get stored in one place or in the separate modules? Don't forget that the cars are never offline either.

  • I assume they collect and keep information including not relevant to car, it probably has the wifi net names of everything within the range of the car

  • ""Computers on Tesla vehicles keep everything that drivers have voluntarily stored on their cars, "

    Just like any other car as well. Computers in cars don't get wiped automatically just because you drive it to the scrap yard.

    If you don't remove your sunglasses and wallet from the glove compartment they will also still be there.

    • I thought that was an odd point to include as well. I'm not interested if a computer keeps data I've told it to include. The rest of the info mentioned is more interesting but not surprising to find out.
  • Should not be a serious problem. They were able recover data because it was unencrypted. Tesla should be able to encrypt the HDD and SSD .

    Even simple symmetric XOR encryption is enough, if the key is individualized for each car. Unless the computer is still operational and you are able to step through and find the key in memory you can't hack it. And it is not that hard to do public-private keys too.

    How to protect decryption when the car is totaled but the computer is still functional? That would be hard

  • https://it.slashdot.org/story/... [slashdot.org] No one seems to care. Data retrieved from wrecked cars get all the attention...

    Of course, stock manipulation and 32 million shares shorted, valued at 7.5 billion dollars, has nothing to do with it.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...