Your car is collecting your data – and hackers can get their hands on it
When you sell your tech secondhand, nothing is more important than clearing the data off your device. If you fail to do so, your private information could fall into the wrong hands — which can mean identity theft, stolen money or worse.
Lingering data from previous owners is a major issue for smartphones on the secondhand market. In fact, a study concluded that 1/5 of the smartphones sold on eBay were not properly reformatted, and 17% of the phones sampled contained personally-identifying information. Tap or click here to see what you need to do before you sell your devices.
But it’s not just smartphones and laptops that store personal data. High-tech cars like Teslas have vast infotainment systems that require logins and other private information to enhance your driving experience. And sure enough, a hacker messing with old Tesla consoles found plenty of personal data stored on them to pilfer through. Here’s why.
ABE: Always. Be. Erasing.
The next time you rent a car and set it up to work with your phone over Bluetooth, make sure to delete your phone from the car’s memory and erase any trace that you ever used the car. Otherwise, a tech-savvy renter or auto worker might just gain access to your entire digital life.
Related: Tap or click to see how a hacker can take over your car
A white-hat hacker has conclusively discovered that high-end media systems found in Teslas and other luxury vehicles can store tons of personal data like contacts, email logins, passwords, call histories and map data.
Bad news Sunday. If you had infotainment computer in your Tesla replaced (model3 FSD upgrade, mcu2 retrofit, mcu1 emmc fix or any other fixe requiring computer swap) – consider all accounts you logged into from the car compromised and change pwds.https://t.co/sCs7elRoyk
— green (@greentheonly) May 3, 2020
According to the hacker, who refers to himself as GreenTheOnly, this data was obtained from Tesla Media Control Units, or MCUs, salvaged from cars being serviced. Once he gathered the units, he was easily able to access the information with a bit of modest tinkering. In other words, anyone who knows how can get the information.
All of the devices showed an authorized Tesla service center as their final destination before being unplugged, and 12 out of 13 of these units were obtained on eBay.
So on top of the data problem, we’re also now certain that some Tesla service employees are running a side-hustle by selling these MCU parts without permission! Odds are, this would endanger their jobs with Tesla, but GreenTheOnly doesn’t seem like he’s about to reveal all his sources.
Related: Tap or click to see how a hacker can steal your car by cloning your key
In the tweet he posted above on May 3, GreenTheOnly advises anyone who’s had their Tesla serviced to go through their various accounts and change their passwords. According to him, they’re as good as forfeit, or “pwned” in hacker parlance. Tap or click here to see how you can make stronger passwords.
What should I do when I rent a car or get it serviced?
You aren’t safe if you sell your car or bring it in for service with your smartphone still connected. You’ll need to make sure you’re erasing your device from the car’s memory any time it’s not in your hands.
Of course, the methods to do this will vary depending on your make and model, so make sure to consult your car’s manual and look under Bluetooth settings to see what options you have available. Additionally, you may also want to ask your service advisor what to do before bringing your car in.
This just goes to illustrate how easy our data can be obtained by those who are desperate to access it. We can’t always depend on the security of our devices to protect private information. You’d never leave your wallet or ID cards alone in your car while it’s being worked on, right? Apply the same logic with you’re phone and you’re good to go.
Tags: hackers, personal data, security, Tesla, upgrades