Tesla Data Leak: Pre-Owned Vehicle Infotainment Components Store Owners" Personal Details and Passwords
According to white hat hacker GreenTheOnly, Tesla forgot to wipe personal information of customers from previously used infotainment and Autopilot hardware.The discovery came about after Green found and purchased four pre-owned Tesla components from Ebay.
“Bad news Sunday. If you had infotainment computer in your Tesla replaced (model3 FSD upgrade, mcu2 retrofit, mcu1 emmc fix or any other fixe requiring computer swap) – consider all accounts you logged into from the car compromised and change pwds,” said Green in a Twitter post on May 3.
While normal vehicle infotainment systems can store phone numbers, audio media and addresses, Tesla components also enable access to video- and audio-streaming platforms such as Netflix and Spotify.
You can also check if your private data has been exposed online! Use Bitdefender”s Digital Identity Protection tool to see where you stand at the moment and what the internet knows about you.
In some of the systems, the researcher found Netflix session cookies that could be used to gain access to the owner”s account, while others included stored Gmail cookies, WiFi passwords and Spotify passwords in plain text.
“In particular if you log into spotify – the password is stored in plain text. gmail and netflix are stored as a cookie but still give a potential attacker access. The of course all recent calendar events and your phone book and calls history too,” Green added.
The company says upgrading a car”s hardware to gain access to new features and upgrades is performed in Tesla service centers, and owners can also request the transfer of their personal data and preferences to the new installations.
While service centers should destroy any pre-owned hardware, or at least wipe existing personal information, it is unclear how the hardware found its way onto the Ebay marketplace.
Green also notified Tesla representatives of his findings.However, the company failed to notify affected customers, and has yet to release an official statement.
Tesla owners that wish to sell their vehicles are advised to manually wipe the data from their infotainment systems, and should they opt for upgrading their car with new fittings, they should make sure that the service center properly disposes of the hardware and deleted any existing information.
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight
April 15, 2022
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
April 14, 2022
Why and how to hide your IP address while traveling
April 13, 2022
How Bitdefender Can Help Restore Your Privacy in the Digital Age
April 04, 2022
How Strong is VPN Encryption?
February 28, 2022
Top Three Ways Internet Users Unknowingly Help Cybercriminals
February 25, 2022