Slashdot Mirror
Tesla Cars Keep More Data Than You Think (cnbc.com)
Tesla vehicles sent to the junk yard after a crash carry much more data than you'd think. According to CNBC, citing two security researchers, "Computers on Tesla vehicles keep everything that drivers have voluntarily stored on their cars, plus tons of other information generated by the vehicles including video, location and navigational data showing exactly what happened leading up to a crash." From the report: One researcher, who calls himself GreenTheOnly, describes himself as a "white hat hacker" and a Tesla enthusiast who drives a Model X. He has extracted this kind of data from the computers in a salvaged Tesla Model S, Model X and two Model 3 vehicles, while also making tens of thousands of dollars cashing in on Tesla bug bounties in recent years. Many other cars download and store data from users, particularly information from paired cellphones, such as contact information.
But the researchers' findings highlight how Tesla is full of contradictions on privacy and cybersecurity. On one hand, Tesla holds car-generated data closely, and has fought customers in court to refrain from giving up vehicle data. Owners must purchase $995 cables and download a software kit from Tesla to get limited information out of their cars via "event data recorders" there, should they need this for legal, insurance or other reasons. At the same time, crashed Teslas that are sent to salvage can yield unencrypted and personally revealing data to anyone who takes possession of the car's computer and knows how to extract it. The contrast raises questions about whether Tesla has clearly defined goals for data security, and who its existing rules are meant to protect. A Tesla spokesperson said in a statement to CNBC: "Tesla already offers options that customers can use to protect personal data stored on their car, including a factory reset option for deleting personal data and restoring customized settings to factory defaults, and a Valet Mode for hiding personal data (among other functions) when giving their keys to a valet. That said, we are always committed to finding and improving upon the right balance between technical vehicle needs and the privacy of our customers."
The report serves as a reminder for Tesla owners to factory reset their cars before handing them off to a junk yard or other reseller because that other party may not reset your car for you. "Tesla sometimes uses an automotive auction company called Manheim to inspect, recondition and sell used cars," reports CNBC. "A former Manheim employee, who asked to remain anonymous, confirmed that employees do not wipe the cars' computers with a factory reset."
The researchers were able to obtain phonebooks "worth of contact information from drivers or passengers who had paired their devices, and calendar entries with descriptions of planned appointments, and e-mail addresses of those invited." The data also showed the drivers' last 73 navigation locations, as well as crash-related information. The Model 3 that one of the researchers bought for research purposes contained a video showing the car speeding out of the right lane into the trees off the left side of a dark two-lane route. "GPS and other vehicle data reveals that the accident happened in Orleans, Massachusetts, on Namequoit Road, at 11:15 pm on Aug 11, and was severe enough that airbags deployed," the report adds.
But the researchers' findings highlight how Tesla is full of contradictions on privacy and cybersecurity. On one hand, Tesla holds car-generated data closely, and has fought customers in court to refrain from giving up vehicle data. Owners must purchase $995 cables and download a software kit from Tesla to get limited information out of their cars via "event data recorders" there, should they need this for legal, insurance or other reasons. At the same time, crashed Teslas that are sent to salvage can yield unencrypted and personally revealing data to anyone who takes possession of the car's computer and knows how to extract it. The contrast raises questions about whether Tesla has clearly defined goals for data security, and who its existing rules are meant to protect. A Tesla spokesperson said in a statement to CNBC: "Tesla already offers options that customers can use to protect personal data stored on their car, including a factory reset option for deleting personal data and restoring customized settings to factory defaults, and a Valet Mode for hiding personal data (among other functions) when giving their keys to a valet. That said, we are always committed to finding and improving upon the right balance between technical vehicle needs and the privacy of our customers."
The report serves as a reminder for Tesla owners to factory reset their cars before handing them off to a junk yard or other reseller because that other party may not reset your car for you. "Tesla sometimes uses an automotive auction company called Manheim to inspect, recondition and sell used cars," reports CNBC. "A former Manheim employee, who asked to remain anonymous, confirmed that employees do not wipe the cars' computers with a factory reset."
The researchers were able to obtain phonebooks "worth of contact information from drivers or passengers who had paired their devices, and calendar entries with descriptions of planned appointments, and e-mail addresses of those invited." The data also showed the drivers' last 73 navigation locations, as well as crash-related information. The Model 3 that one of the researchers bought for research purposes contained a video showing the car speeding out of the right lane into the trees off the left side of a dark two-lane route. "GPS and other vehicle data reveals that the accident happened in Orleans, Massachusetts, on Namequoit Road, at 11:15 pm on Aug 11, and was severe enough that airbags deployed," the report adds.
record in the database!
Same as I assume for all new technology. Motion, video, voice etc. If it has a sensor, I assume its probably being recorded.
The researchers were able to obtain phonebooks "worth of contact information from drivers or passengers who had paired their devices, and calendar entries with descriptions of planned appointments, and e-mail addresses of those invited."
Uh, ya pretty much any car from any manufacturer can be datamined like that. I travel a lot for work and rent cars frequently, and almost every time there's a trove of personal information from when a previous customer paired their phone to the rental. Call logs, text messages, phone books, you name it.
Stop calling it a computer. It's a car
Slashdot will dupe this story faster than a supercharger can electrocute deez NUTZ
Former car rental drivers leaving data behind is ABSOLUTELY nothing like Tesla reselling used cars and not wiping the computer before sending it on.
How much money have you lost on your Tesla stock so far?
I have never bought, sold, or anything elsed Tesla. I go to Vegas when I want to bet on long odds.
In this case, though, Tesla is a super fucked company. Tick tock, just a matter of time now.
I bought my stock at $189, I still make money.
Sounds like you're short to me ;)
Volatility is crazy, so both sides can win.
But agree with the people who say this is a garbage story. I mean, wow .... Users sync their car with their cellphone so it has a copy of their contacts and calendars, but are all surprised that data was still there if their car gets resold or wrecked and they don't erase it first? Ok ....
And yeah, a whole LOT of cars on the road today have a "black box" in them that keeps a snapshot of the last 10 seconds or so before a crash of exactly what the driver did. It may not have camera video, but info on the car's speed, steering, braking, etc. is sure stored there.
Anyone actually surprised they can look at data like a previous owner's GPS destinations is simply not even thinking. Especially with big auto auction houses, it's kind of unreasonable to demand THEY factory reset every car that comes in -- or heck, even just every Tesla that comes in. It's not their responsibility to protect someone else's data. It might even make a car worth a lot more money, if it's certifiably a celebrity of some kind who owned it last? People pay a lot for some weird things.
Cars are computers. Just like any computer, if you don't wipe the data then it will retain the data as it's designed to do. The same is true of PC, HDDs/SSDs, tablets, smartphones, smartTVs, SD cards, USB sticks and really anything else with a FLASH memory.
The fact that people are surprised by this just shows that far too many people are ignorant of the fact that they are surrounded by computers.
Anons need not reply. Questions end with a question mark.
Did you sell yet? If not you have not made any money. What was your sell price?
I assume they collect and keep information including not relevant to car, it probably has the wifi net names of everything within the range of the car
Thank you for the heads up!
I'm sure all the people reading slashdot, are acutely aware of this, this is not news, this is filler ... ways to access the api, (right to repair, right to ownership?) goddamn this is your data plan, your car, your harddrive they record it on, client-vendor relationship should be of utmost privacy, otherwise it's just a fnacy contract lease, if you cant control every aspect of something you own, you are renting ... which is fine, but if this is the model Tesla chooses to go down, imma replace my A6 with another A6 and Tesla can suck my balls. And this should be published everywhere, as I'm sure Elon would be much embarassed and renege on such policy, this is worse then the communist country I came from, and it's all been adopted without a challenge of ownership laws, a challenge in the court of law, without so much as setting a standard for publicly engaged automatic systems ... the government falling behind the tech curve is at fault, the archaic lawmakers that have setup the system in their favor; in past times, the government would engage with technology and define standards such that a fair market place exists for all participants, the standards proposed are woefully inadequate, and fail the fully engage the potential of the technology because the 60+ crowd is stuck in some 70s bullshit. I doubt once highways were established that government failed to act, and now with these "ai" standards, they (elon as well, singularity? wtf are you still stuck in some high school bullshit? multiple dimensions? lol even slashdot dissappoints, these are reasoned peoples as much as can be found, bu then they say such ignorant bullshit as multiple dimensions are a real concept because your mathematical model depends on this abstraction to explain a simple physical phenomena? like einstein realised long ago, these are simply models, they are not reality, we can use them to predict reactions, but to contrive a system wholly detached from reality, because a math model told you so? lol imagine if you were in ancient times, you would be those plebes limited to maximizing a faulty model of ptolemy's theory) ... numbers neither times exists, outside of our particular understanding ... the real problem in science is accuracy of measurement .. so we ascribe to all sorts of retarded misunderstood theory (poor shrodinger) ... of a probablistic (statistical analysis) system, and try to mold reality to fit the model because certain individuals are too inexperienced to advance the model further. The real sadness comes at the realization that the professors now holding that engrandeured tenure are simply parrots of popular theory as much as the teenage girls accepted in their current clique because they fully believe the unfounded claims of some recent gossip. The only way forward is to achieve some level of advancement in measurement, the current theories simply push our understanding of our present measurements to the limits, and are often conjecture. To observe without affecting is real science, to affect outcomes palatable to your area of study, sadly has become the standard. The field is wide, and the niches of absurdity grow evermore as we become more fixated on expanding the reaches of someone else's understanding without ever fully really understanding what they were trying to prove, we subject them to "academic" rigor, as to bend their train of thought to the common beliefs. Theories outside the realm of understood physics (pilot wave theory of radiation) mistreated. to be honest with readers, i myself hold a masters degree in architecture, a bachelor of comp sci, and am studying in my 4th year of aerospace engineering. But the deference i have seen colleagues treated for simply trying to explore alternative methods is discouraging;
Pot..Kettle...Black
""Computers on Tesla vehicles keep everything that drivers have voluntarily stored on their cars, "
Just like any other car as well. Computers in cars don't get wiped automatically just because you drive it to the scrap yard.
If you don't remove your sunglasses and wallet from the glove compartment they will also still be there.
Stock losses are only losses if you sell, or the company goes bust. Your short term thinking is what is wrong with the market.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
Even simple symmetric XOR encryption is enough, if the key is individualized for each car. Unless the computer is still operational and you are able to step through and find the key in memory you can't hack it. And it is not that hard to do public-private keys too.
How to protect decryption when the car is totaled but the computer is still functional? That would be hard, but it should possible to remove/destroy one chip somewhere that holds the keys. And issue guidance to insurance companies and users to destroy that part when the car is totaled.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
"video, location and navigational data showing exactly what happened leading up to a crash"
IMHO, all vehicles should/must record everything (video, sound, vehicle/location data) leading up to a crash & by law!!!
IMHO, taking out all guesswork from all traffic accidents would be tremendously beneficial for common good of general public!!!
(& both, for Law Enforcement & Vehicle Manufacturers!!!)
Of course, stock manipulation and 32 million shares shorted, valued at 7.5 billion dollars, has nothing to do with it.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact