Wrecked Cars Are Now a Treasure Trove of Personal Information

As cars grow more dependent upon computer-controlled driving aids and automakers implement permanent internet connectivity, we’ve grown increasingly concerned with how automakers handle their customers’ data.

It sounds conspiratorial, but there’s a series of events to hang the tinfoil hat on. In 2017, General Motors announced it had successfully monitored the listening habits of 90,000 motorists in a study aimed at improving marketing insights. It also rejiggered OnStar and introduced the Marketplace app for seamless in-car purchasing options. Our take was that it was as impressive as it was ominous — and GM is only leading the charge into what analysts believe will eventually become a multi-billion dollar industry.

Naturally, this led to privacy concerns over how automakers will protect customer data on future models. But we might want to start worrying about the cars we have now. A couple of white-hat hackers (those are the good ones) recently probed the internal computer networks of wrecked and salvaged Teslas and found a mother lode of personal information waiting inside.

According to a report from CNBC, GreenTheOnly and fellow hacker Theo, a Tesla proponent who has repaired hundreds of wrecked Teslas, purchased a wrecked Model 3 for research purposes in 2018. During their time with the vehicle, the pair found it was owned by a Boston-area construction company and had held onto unencrypted data from at least 17 different devices.

From CNBC:

Mobile phones or tablets had paired to the car around 170 times. The Model 3 held 11 phonebooks’ worth of contact information from drivers or passengers who had paired their devices, and calendar entries with descriptions of planned appointments, and e-mail addresses of those invited. (CNBC called and e-mailed several of the people who had paired their phones to the vehicle to verify their information was authentic.)

The data also showed the drivers’ last 73 navigation locations including residential addresses, the Wequassett Resort and Golf Club, and local Chick-fil-A and Home Depot locations.

The car also stored the crash data, which included video footage from months prior. This allowed the hackers to pair the iPhone in use at the time of the wreck to a relative of the founder and chairman of the company that owned the Model 3. They even had the call logs and could tell that a family member had contacted the driver moments before the crash.

GreenTheOnly claims to have been able to yank similar data off other salvaged Teslas, saying he has amassed a small fortune off Tesla’s bug bounties. However, as willing as the company is to pay good-natured hackers to find flaws in its software, it’s also very protective of the data it collects. Tesla has gone to court to avoid handing the information over to customers. In fact, owners without hacker know-how have to purchase proprietary cables and software from the manufacturer just to get basic information out of the vehicle.

It’s also clear that the data is not being automatically erased in the event of a crash or after a change in ownership. But Tesla claims it’s on it.

“Tesla already offers options that customers can use to protect personal data stored on their car, including a factory reset option for deleting personal data and restoring customized settings to factory defaults, and a Valet Mode for hiding personal data (among other functions) when giving their keys to a valet,” explained a Tesla spokesperson. “That said, we are always committed to finding and improving upon the right balance between technical vehicle needs and the privacy of our customers.”

Admirable, but we already know that a large swath of motorists don’t understand all the features in their car. And that’s not likely to improve as automobiles become increasingly complicated. There will always be a subset of drivers who won’t understand how to protect stored data or even care to learn how.

GreenTheOnly and Theo noted that Tesla cameras can record while the car is parked, and that there’s no way for an owner to know when they might be doing so. The cameras enable features like “sentry mode” and trigger the car’s automatic wipers. “Tesla is not super transparent about what and when they are recording, and storing on internal systems,” GreenTheOnly explained. “You can opt out of all data collection. But then you lose [over-the-air software updates] and a bunch of other functionality. So, understandably, nobody does that, and I also begrudgingly accepted it.”

While Tesla found itself the focus of the hackers’ research, data protection is an issue that isn’t likely to be isolated to a single manufacturer. Several large automakers are already in the process of finishing data storage centers and deciphering how to best monetize information as cars grow increasingly connected to the internet. Meanwhile, the European Union voted in 2018 to make all telemetry data copyrighted by the automaker — which includes information accrued via a vehicle’s navigational systems — and China is pushing for the full-time monitoring of all new alternative-energy vehicles.

[Image: Tesla]

Comments
  • Golden2husky on Apr 02, 2019

    All those who think the government is the big spy - Corporate America is the biggest enemy against your privacy. The feds don't really give a damn. But give the Corporate Overlords a way to separate you from your money - the real reason to steal your information - and they will do it every time. Give customers some convenience features, link in heavy data mining, and block out functionality for those who "opt out" and you have a veritable treasure trove of unlimited data theft. Locate your airbag control module, and take it out in case of a wreck. Pull the fuse on OnStar-type devices. Of course, the automakers will then put something desirable on the same circuit to discourage such behavior.

    • Gass-man on Apr 02, 2019

      Well, yeah. But remember Corporate America owns Congress completely. They paid good money for it!

  • Conundrum on Apr 02, 2019

    I must have missed the emails where all these companies asked my permission to use my data. There's never been an OPT OUT button, merely OPT IN or you cannot use our latest digital whiz bang product or app. You is mine, pleb. Now we are all little corporate data gatherers working for THE MAN. Don't cause any trouble, eat plenty of bad hamburgers at corporate drive-ins found on Google search, buy lots from Amazon, inform the world on your eating habits daily on Facebook as a social dimbulb and keep paying all those monthly rentier tolls without ever being late. And they'll not bother you much. Hopefully. But no promises, serf.

    • 2manycars on Apr 02, 2019

      You sign away the data rights when you buy the car. How many even notice, what with the 3-ring circus that tends to be part of the car-buying process?
