Tesla Cars Keep More Data Than You Think

Tesla vehicles sent to the junk yard after a crash carry much more data than you'd think. According to CNBC, citing two security researchers, "Computers on Tesla vehicles keep everything that drivers have voluntarily stored on their cars, plus tons of other information generated by the vehicles including video, location and navigational data showing exactly what happened leading up to a crash." From the report: One researcher, who calls himself GreenTheOnly, describes himself as a "white hat hacker" and a Tesla enthusiast who drives a Model X. He has extracted this kind of data from the computers in a salvaged Tesla Model S, Model X and two Model 3 vehicles, while also making tens of thousands of dollars cashing in on Tesla bug bounties in recent years. Many other cars download and store data from users, particularly information from paired cellphones, such as contact information.

But the researchers' findings highlight how Tesla is full of contradictions on privacy and cybersecurity. On one hand, Tesla holds car-generated data closely, and has fought customers in court to refrain from giving up vehicle data. Owners must purchase $995 cables and download a software kit from Tesla to get limited information out of their cars via "event data recorders" there, should they need this for legal, insurance or other reasons. At the same time, crashed Teslas that are sent to salvage can yield unencrypted and personally revealing data to anyone who takes possession of the car's computer and knows how to extract it. The contrast raises questions about whether Tesla has clearly defined goals for data security, and who its existing rules are meant to protect. A Tesla spokesperson said in a statement to CNBC: "Tesla already offers options that customers can use to protect personal data stored on their car, including a factory reset option for deleting personal data and restoring customized settings to factory defaults, and a Valet Mode for hiding personal data (among other functions) when giving their keys to a valet. That said, we are always committed to finding and improving upon the right balance between technical vehicle needs and the privacy of our customers."

The report serves as a reminder for Tesla owners to factory reset their cars before handing them off to a junk yard or other reseller because that other party may not reset your car for you. "Tesla sometimes uses an automotive auction company called Manheim to inspect, recondition and sell used cars," reports CNBC. "A former Manheim employee, who asked to remain anonymous, confirmed that employees do not wipe the cars' computers with a factory reset."

The researchers were able to obtain phonebooks "worth of contact information from drivers or passengers who had paired their devices, and calendar entries with descriptions of planned appointments, and e-mail addresses of those invited." The data also showed the drivers' last 73 navigation locations, as well as crash-related information. The Model 3 that one of the researchers bought for research purposes contained a video showing the car speeding out of the right lane into the trees off the left side of a dark two-lane route. "GPS and other vehicle data reveals that the accident happened in Orleans, Massachusetts, on Namequoit Road, at 11:15 pm on Aug 11, and was severe enough that airbags deployed," the report adds.

I assume they keep everything

[joe_frisch]

Same as I assume for all new technology. Motion, video, voice etc. If it has a sensor, I assume its probably being recorded.

Re:I assume they keep everything

[apoc.famine]

Right? Fuck the editors who write these headlines, fuck their supervisors who don't fire them, fuck the submitter for including them, and fuck the /. editors for just rubber stamping shit like this.

No, they don't keep more data than I think. Honestly, I bet they keep less. I expect them to keep everything. Seat position. Temperature profile. Mirror positions. Then between the seat and mirrors they calculate my body size and keep that. And cross-reference the in-car camera that they take pictures of me with, and the seat firmness to gauge my weight. They've got my age and hearing nailed down, since they can cross-reference volume with the rest of my physical stats and get my BMI.

Eye-gaze tracking plus exterior cameras means they watch what I look at. Know my sexual orientation, what animals I like, and whether or not my eyesight is good enough to read signs. And what stores I visit.

Seriously, fuck these headlines. No. They don't keep more detail than I think. I'm a paranoid fuck who understands full well how much they have access to and what they could do with it. And they surprisingly seem to keep less and do less. I've spent like 2 decades hoping that /. could get a headline worthy of the audience, but I'm always disappointed.

"Dumbasses don't factory reset their Teslas, and leave a lot of personal info in them."

How hard was that?

Re:I assume they keep everything

[AmiMoJo]

Maybe you assume everything is recorded all the time, but most people don't. For example, they don't assume that their phones are constantly recording video and making it available to Apple/Google/Samsung because even if that wasn't illegal in many places it would destroy the battery.

Tesla's "solution" to this is also entirely inadequate. You can factory reset the car... as long as it still works. If it gets smashed up or the screen breaks you are screwed.

This is an important issue as cars are only going to get more and more of these features. Some of them are useful, such as the new "sentry" mode that records video while parked so you can see who dinged your door. It's very beta right now and doesn't work well, but people are still very happy that it exists.

Re: I assume they keep everything

[MachineShedFred]

And why haven't we seen the same story written about BMW / Mercedes / Acura / Jaguar / Audi / Infiniti / etc. - guess what; they all store data on the car too, because we fucking ask the car to do that so the data is accessible to use in the car without having to connect your phone or re-enter it every single time.

It's kind of designed to do that, and any high-end car with a connectivity and navigation package will keep basically all of this except maybe the video.

If people don't know to wipe a device that makes use of personal data before handing permanent ownership of it off by now, then they just aren't paying attention.

And somehow we only hear about it when it's Tesla. You don't think it's a hot piece being placed by vested interests, do you?

Re:I assume they keep everything

[apoc.famine]

Wow. You either didn't read or didn't understand my post. Since this seems to be hard for you, I'll try again:

Maybe you assume everything is recorded all the time, but most people don't.

My expectations are that most /. readers are not "most people", and thus Buzzfeed clickbait headlines designed for "most people" are inappropriate for this audience.

An article and/or headline making a statement regarding what I think is a lazy and condescending way to write. There is no reason to do it, and no value in communicating like that.

I expect journalists to be able to write better than that.

If journalists can't, I expect /. submitters to do better.

If /. submitters can't, I expect /. editors to.

And if /. editors can't, I expect /. posters to point out this long chain of failing. If we don't demand at least some minimal standards, we might as well just go to reddit.

Another Tesla Smear article

The researchers were able to obtain phonebooks "worth of contact information from drivers or passengers who had paired their devices, and calendar entries with descriptions of planned appointments, and e-mail addresses of those invited."

Uh, ya pretty much any car from any manufacturer can be datamined like that. I travel a lot for work and rent cars frequently, and almost every time there's a trove of personal information from when a previous customer paired their phone to the rental. Call logs, text messages, phone books, you name it.

Re:Another Tesla Smear article

[Major_Disorder]

Another thin to consider, is that these cars are junked. based on the age, and price of Teslas it is probably safe to assume they were wrecked. In most cases in a car gets scrapped the owner doesn't have a lot of time to clear their personal data off the car. At least where I live, if the car is really FUBAR, the people at the insurance company will collect the personal items from the car and the original owner will never see their former car again.

Re:Another Tesla Smear article

[apoc.famine]

Yep. Mix of not having access to the vehicle, and possibly the vehicle not being functional enough to do this without specialized know-how.

Also, right after you're in an accident you're probably not in "delete my browser history" mode. More than likely, top priorities are a) Am I and my passengers ok? b) Are the other people/things involved ok? c) Is my car totaled? Do I need to find a repair place or just buy a new one? d) Holy crap, I need to get home, I need a new car to drive now! ....h)Wait....did I leave any personal stuff in my car? ....y) Wait....did I leave any personal information in my car that someone could potentially access if they hooked up a computer to it in the junkyard?

Tesla, like Apple, generates the web hits....

[King_TJ]

But agree with the people who say this is a garbage story. I mean, wow .... Users sync their car with their cellphone so it has a copy of their contacts and calendars, but are all surprised that data was still there if their car gets resold or wrecked and they don't erase it first? Ok ....

And yeah, a whole LOT of cars on the road today have a "black box" in them that keeps a snapshot of the last 10 seconds or so before a crash of exactly what the driver did. It may not have camera video, but info on the car's speed, steering, braking, etc. is sure stored there.

Anyone actually surprised they can look at data like a previous owner's GPS destinations is simply not even thinking. Especially with big auto auction houses, it's kind of unreasonable to demand THEY factory reset every car that comes in -- or heck, even just every Tesla that comes in. It's not their responsibility to protect someone else's data. It might even make a car worth a lot more money, if it's certifiably a celebrity of some kind who owned it last? People pay a lot for some weird things.

It's a computer.

[Gravis+Zero]

Cars are computers. Just like any computer, if you don't wipe the data then it will retain the data as it's designed to do. The same is true of PC, HDDs/SSDs, tablets, smartphones, smartTVs, SD cards, USB sticks and really anything else with a FLASH memory.

The fact that people are surprised by this just shows that far too many people are ignorant of the fact that they are surrounded by computers.

Re: Another reminder to not buy a Tesla.

[MachineShedFred]

Then don't buy any other car that talks to your phone via Bluetooth either.

This article only mentions Tesla for clickbait, but other manufacturers have been doing this for over a decade.

Don't be a tool.