CATEGORIES
home News

Security Researchers Find Tesla Model 3 MCU Stores Personal Data Even After Reset

by Shane McGlaunFriday, May 08, 2020, 12:27 PM EDT
model 3 red

A security researcher that goes by GreenTheOnly on Twitter recently shared some information that impacts some of the most popular Tesla vehicles. According to Green, some Tesla hardware currently being sold on eBay retains a significant amount of personal information from previous owners even after a reset. The parts the security researcher tested include a Tesla Model 3 integrated media control unit (MCU) and Autopilot (HW) units.

The MCU and HW units for a Model 3 along with a Model X MCU unit were acquired from eBay. All three of the units had been reset, but the researcher found that a slew of private owner information, including passwords, were still easily recoverable from the units. Among the private data that Green found stored on the Tesla hardware were screenshots of the display captured and stored on eMMC each time the Model 3 wakes up. The last 50 snapshots were stored on the device.

tesla media controller

The most concerning data found on the hardware included the owner's home and work location, saved Wi-Fi passwords, calendar entries from their phones, call lists, address books from paired phones, Netflix details, and other stored session cookies. Green noted that the prices for Tesla hardware have come down, leading more security researchers to get their hands on it for testing. Lower prices could lead hackers to acquire the hardware to steal personal data.

Interestingly, the Model X MCU acquired for testing had been physically crushed, presumably by the accident that totaled the vehicle leading to its hardware being for sale on eBay. Despite being physically crushed, the data was still recoverable from the device. The Spotify password stored on the hardware was stored as plain text. Netflix and Gmail passwords were stored in cookie format that could be exploited by hackers.

Green hopes the research findings will encourage Tesla to encrypt data on its hardware. These are significant security holes for an automaker who has sponsored events challenging hackers to find flaws and exploits in its vehicle systems. In March, a security researcher was able to execute a hack that disabled autopilot notifications, the speedometer, climate controls, and more. The hacker said the vulnerability he discovered impacts all Model 3 vehicles running software version 2020.4.10 or older.

Tags:  security, Tesla, Elon Musk, (NASDAQ:TSLA), tesla model x, tesla model 3
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment