Researcher Discovers That Old Tesla Media Control Units Are Full Of Owner’s Private Data Even After A Factory Reset

There’s a hacker/security researcher with the Twitter handle GreenTheOnly that has been doing some interesting work with used Tesla parts. This time specifically, he’s acquired three Tesla Model 3 integrated media control units (MCU) and Autopilot (HW) units (known as the ICE computer, just for Models 3 and Y), and a Model X MCU unit. These were purchased off eBay, and despite having been reset, Green found that plenty of private owner information and passwords were still easily recoverable from the units.

[…]

There’s a number of reasons why Tesla owners may need to replace these units: if you’re adding on Autopilot to an existing car, for example, some early models had data-logging issues that caused failure after a few years, and various other wear-and-tear and failure issues.

Once he had the units, Green found that there was a surprising amount of data still on them, from what appear to be debugging screenshots taken every time a Model 3 starts up:

…to far more compromising data, which he described to InsideEVs:

“…owner’s home and work location, all saved wi-fi passwords, calendar entries from the phone, call lists and address books from paired phones, Netflix and other stored session cookies.”

That’s a security hole big enough to drive a Model X through, even with the Falcon Doors stuck open. And, speaking of the Model X, the unit he got from that model was physically crushed, but data was still recoverable.

Green gave more details on his Twitter feed, clarifying that the Spotify passwords are stored as plain text, and that the Netflix and Gmail passwords are stored in cookie format:

The ability to get calendar events and owner’s phone book and call history are also huge security breaches, too.

When owners decide to upgrade their cars’ computer, Tesla will only let them keep their original hardware for, according to a Tesla owners’ forum, a $1,000 fee. Yes, it’s strange to have to pay the company to take hardware that you should have owned when you bought your car, but Tesla has a history with non-traditional ideas of just what you think you’ve bought with your car.

Source: Researcher Discovers That Old Tesla Media Control Units Are Full Of Owner’s Private Data Even After A Factory Reset