Tesla has been getting rid of computers without wiping them – compromising customer accounts

Tesla has been throwing away computers without wiping them leaving some customer account compromised. Be aware if Tesla ever had to replace your onboard computer.


With Tesla Autopilot computer upgrade and recently announced MCU2 upgrade, on top of regular replacements for performance issues, Tesla is changing a lot of computers in its vehicles today.

Now the fact that a lot of used Tesla computers are showing up on eBay raises some questions about Tesla’s process to get rid of those computers, which can often contain sensitive information, like Google or Spotify usernames and passwords.
Even more troubling, these passwords don’t seem to be encrypted.

That’s the kind of information that can be used to hack someone and can be described as compromising customer accounts.
Hacker Green acquired several of these computers and managed to find a lot of that kind of information about previous owners.
Fortunately, the first thing he did is reach out to Tesla and let them know about the vulnerability.

The automaker told him that they were launching an investigation into the issue, but the investigation didn’t seem to be taken too seriously.

Green told Electrek that when he shared the VINs of the units he had with Tesla, they told him that those units were “stolen” from them.
However, it appears that Tesla might be stretching the meaning of the word “stolen”.
Green shared proof with Electrek that these computers can be found in Tesla’s service center dumpsters.
He wrote on Twitter:
“I got in contact with Tesla security via proper channels and they are looking into it. But considering units are thrown into trash as per the procedure – not even sure this can be pinned on anybody. At most “why did not you whack it with a hammer at least”?”
Tesla claims that the computers are supposed to be wiped before being thrown away, but he is only aware of a reset procedure that can be done at the factory but not at service centers.
Either people dumpster dive to grab them and sell them to resellers and they end up on eBay, which is hardly “stealing”, or Tesla employees themselves sell the computers.
You can see plenty of them available for sale on the website:
Tesla told Green that they would contact people who are affected by this leak of information, but they haven’t given a clear timeline on that.

Electrek contacted Tesla about the issue and we will update if we get an answer.

Electrek’s Take

Well, that’s dumb.
First off, these computers shouldn’t end up in dumpsters in the first place, they should be recycled, but if they do, they should obviously be wiped. And, even if these things are found, this information should be encrypted so it is at least extremely difficult to ascertain the important information should one of these fall into the wrong hands.

There are going to be thousands of Tesla computers in that situation in the coming months and likely hundreds of thousands over the next year. Kind of a waste of equipment if you ask me.

Tesla needs to have a way better procedure in place before that can happen and they need to make it right for people who have already got a computer upgrade and let them know they should change their passwords.
If you have linked accounts on your Tesla and had your computer upgraded, you should definitely do that.

Comments

Contact Form

Name

Email *

Message *

Popular Posts

How To Hack PUBG Mobile on Android || Easily Hack PUBG Game On Android

How To Hack Pubg Mobile On Android in 2020

Fortnite Boogie Down: How to enable 2FA and get free Epic Games

2020 Suzuki Burgman 200 unveiled - India launch unlikelySuzuki's new Burgman 200 churns out 17.7bhp and 18Nm of torque from a 200cc liquid-cooled engine || suzuki burgman 200 price in kolkata

Infinix Hot 9 Pro launch in India-Price-Features-Specifications | Infinix Hot 9 Pro Review

Follow by Email