A Tesla 3 hack shows massive amounts of unencrypted data stored in the car

3 min read
2

It appears Facebook is not the only one that plays dirty with your personal data as Tesla has been bust for storing private information in an unencrypted manner. This comes as a group of researchers claim to have found a trove of unencrypted location, camera, and other data on a wrecked Tesla Model 3, according to a new report from CNBC.

The two researchers say they bought a wrecked Model 3 in late 2018 for the sake of evaluating its data. When they accessed the car’s computer, they found unencrypted data from “at least 17 different devices,” according to the report. (The car had been owned by a construction company and presumably used by multiple employees.) That included 11 driver or passenger phonebooks, with numbers, email addresses, and calendar entries intact. The researchers also gained access to the last 73 locations that had been plugged into the car’s navigation system.

This is obviously a scary find and a big concern to not only how much data is gathered from the different drivers who are all openly allowing the car to integrate with their phones, but even more so that they are not encrypting it in some way. It’s easy to think that car-hacking could become a thing if this type of behaviour continues with Tesla and possibly even other car manufactures who are similarly collecting data unknowingly from drivers.

It’s not just personal data though that could be a concern as the car’s computer reportedly still contained footage from one of the Model 3’s seven cameras. This included the forward-facing view of the wreck that totalled the car, as well as a clip of a previous crash that was less serious. While there are obvious benefits for manufacturers and insurers with information like this, users may feel a little uncomfortable knowing that their potential bad driving habits could be stored on the car.

One of the researchers told CNBC that he found similar data from other Tesla vehicles, too, including a Tesla Model S, Model X, and two other Model 3s. The researchers go on to praise the sophistication of the vehicles themselves and how impressive the underlying technology is. Which is perhaps all the more surprising that they are then so careless with data.

In a statement, posted on The Verge, Tesla said it offers customers the option to delete personal data by performing a factory reset on the vehicle. The company says it’s “always committed to finding and improving upon the right balance between technical vehicle needs and the privacy of our customers.”

This is obviously a difficult thing to resolve and while it might seem like not much of a risk to private owners who don’t mind the car storing all this information, knowing it is still fairly difficult to extract, it could easily create a problem for the rental car market where people will unknowingly give access to some private details to other savvy users who may know how to extract it.

As the world increasingly become connected though this is not a problem that is going to go away and unless governments start to legislate exactly how and what data should be stored we are going to keep running into these issues. Hopefully Tesla will learn a few things from this and work on an encryption system for drivers. For now, it’s safe to assume that pretty much all data stored on some device, is potentially out in the open. Or if you get the prompt asking for your information to be shared from your phone, just select no for now.

Last Updated: April 2, 2019

Check Also

WhatsApp to take action against spammers

Who doesn't hate spam? It turns out WhatsApp does too and wants to take action against com…