Tesla’s infotainment units are potentially ‘leaking’ user data?
All thanks to a hacker, who discovered that Tesla would not wipe out the information of the infotainment systems and these systems hold crucial details of it's previous customers.
Tesla is known not only for manufacturing one of the world’s best electric vehicles, but the gadgetry which their cars use on the inside are a marvel. One of the most loved gadgets in a Tesla is particularly their tablet like infotainment system.
While operating this media control unit, one would surely feel like they were part of a Star Trek or Star Wars universe, and this makes for a very enjoyable experience. Some of the very interesting features provided by this system are, Youtube, Netflix, Spotify, wi-fi services etc, and features like these can make driving even more joyous, especially when you are stuck in traffic.
However, while using these features, we enter our passwords for said services, without wondering that, maybe this could be accessed by someone else. Why would we think about this aspect?
It would be fairly obvious that when you move on from your Tesla to another car, or upgrade to a new infotainment system, that Tesla would wipe out your personal information from your media unit, right?
Well, that is where we were potentially wrong, because it seems that Tesla has forgotten to delete the previous owners information, and that is a massive security risk.
A white hat hacker, GreenTheOnly, purchased 4 MCUs (not the marvel abbreviation, this abbreviation refers to Media Control Unit) from ebay, only to find that all of these units contained information of its previous owner.
These instruments held sensitive information like location of the former owner’s home and work, phonebook records, call logs, calendar entries, passwords of premium applications such as Spotify, saved passwords of Netflix and Gmail and other session stored cookies.
This basically means that Tesla is passing out hardware instruments, without deleting the previous owners details, and this is frankly very shocking.
GreenTheOnly went on to contact the former owners of these media units, and as you have it, they indeed did own it, and they had upgraded from the former media unit to an upgraded infotainment system.
From the media units that Green had managed to get access to, some of them were from a Model 3, and one system belonged to a Model X. The system from the Model X had been crushed, making one believe that it would not be capable of holding information, but in spite of its crushed state, it still held information.
Furthermore, Green went on to contact Tesla about the method used to to scrap old media units, but Tesla has not returned back to Green with any answer. Certain sources suggest that, the Tesla technicians would hit the infotainment system with a hammer, and that was it. Even a layman like me knows that at most this would damage the display of the system, without doing much to the information that it holds.
Naturally the owners would feel disturbed due to this, and a few of them have gone on to say that Tesla needs to be held accountable for this breach, and I couldn’t agree more with them. An owner of a car lays their entire trust into the car, and for the trust to be failed like this, it is incredibly disappointing. However, we hope Tesla reads into this situation, and rectifies it immediately.
Tesla is not the first brand to compromise their users data, as last month British consumer advice magazine reported that the infotainment systems of Ford and Volkswagen had suffered a very similar security risk.
The moral of the lesson is, before you upgrade to a new car, or media unit, perform a factory reset on your infotainment system by yourself, to make sure nobody knows about the movies you watch on Netflix, or other sensitive information.