Wrecked Cars Are Now a Treasure Trove of Personal Information

Matt Posky
by Matt Posky
We’re committed to finding, researching, and recommending the best products. We earn commissions from purchases you make using links in our articles. Learn more here
wrecked cars are now a treasure trove of personal information

As cars grow more dependent upon computer-controlled driving aids and automakers implement permanent internet connectivity, we’ve grown increasingly concerned with how automakers handle their customer’s data.

It sounds conspiratorial, but there’s a series of events to hang the tinfoil hat on. In 2017, General Motors announced it had successfully monitored the listening habits of 90,000 motorists in a study aimed at improving marketing insights. It also rejiggered OnStar and introduced the Marketplace app for seamless in-car purchasing options. Our take was that it was as impressive as it was ominous — and GM is only leading the charge into a what analysts believe will eventually become a multi-billion dollar industry.

Naturally, this led to privacy concerns over how automakers will protect customer data on future models. But we might want to start worrying about the cars we have now. A couple of white-hat hackers (those are the good ones) recently probed the internal computer networks of wrecked and salvaged Teslas and found a mother lode of personal information waiting inside.

According to a report from CNBC, GreenTheOnly and fellow hacker Theo, a Tesla proponent who has repaired hundreds of wrecked Teslas, purchased a wrecked Model 3 for research purposes in 2018. During their time with the vehicle, the pair found it was owned by a Boston-area construction company and had held onto unencrypted data from at least 17 different devices.

From CNBC:

Mobile phones or tablets had paired to the car around 170 times. The Model 3 held 11 phonebooks’ worth of contact information from drivers or passengers who had paired their devices, and calendar entries with descriptions of planned appointments, and e-mail addresses of those invited. (CNBC called and e-mailed several of the people who had paired their phones to the vehicle to verify their information was authentic.)

The data also showed the drivers’ last 73 navigation locations including residential addresses, the Wequassett Resort and Golf Club, and local Chik-Fil-A and Home Depot locations.

The car also stored the crash data, which included video footage from months prior. This allowed the hackers to pair the iPhone in use at the time of the wreck to a relative of the founder and chairman of the company that owned the Model 3. They even had the call logs and could tell that a family member had contacted the driver moments before the crash.

GreenTheOnly claims to have been able to yank similar data off other salvaged Teslas, saying he has amassed a small fortune off Tesla’s bug bounties. However, as willing as the company is to pay good-natured hackers to find flaws in its software, it’s also very protective of the data it collects. Tesla has gone to court to avoid handing the information over to customers. In fact, owners without hacker know-how have to purchase proprietary cables and software from the manufacturer just to get basic information out of the vehicle.

It’s also clear that the data is not being automatically erased in the event of a crash or after a change in ownership. But Tesla claims it’s on it.

“Tesla already offers options that customers can use to protect personal data stored on their car, including a factory reset option for deleting personal data and restoring customized settings to factory defaults, and a Valet Mode for hiding personal data (among other functions) when giving their keys to a valet,” explained a Tesla spokesperson. “That said, we are always committed to finding and improving upon the right balance between technical vehicle needs and the privacy of our customers.”

Admirable, but we already know that a large swath of motorists don’t understand all the features in their car. And that’s not likely to improve as automobiles become increasingly complicated. There will always be a subset of drivers who won’t understand how to protect stored data or even care to learn how.

GreenTheOnly and Theo noted that Tesla cameras can record while the car is parked, and that there’s no way for an owner to know when they might be doing so. The cameras enable features like “sentry mode” and trigger the car’s automatic wipers. “Tesla is not super transparent about what and when they are recording, and storing on internal systems,” GreenTheOnly explained. “You can opt out of all data collection. But then you lose [over-the-air software updates] and a bunch of other functionality. So, understandably, nobody does that, and I also begrudgingly accepted it.”

While Tesla found itself the focus of the hackers’ research, data protection is an issue that isn’t likely to be isolated to a single manufacturer. Several large automakers are already in the process of finishing data storage centers and deciphering how to best monetize information as cars grow increasingly connected to the internet. Meanwhile, the European Union voted in 2018 to make all telemetry data copyrighted by the automaker — which includes information accrued via a vehicle’s navigational systems — and China is pushing for the full-time monitoring of all new alternative-energy vehicles.

[Image: Tesla]

Matt Posky
Matt Posky

Consumer advocate tracking industry trends, regulation, and the bitter-sweet nature of modern automotive tech. Research focused and gut driven.

More by Matt Posky

Join the conversation
4 of 18 comments
  • Golden2husky Golden2husky on Apr 02, 2019

    All those who think the government is the big spy - Corporate America is the biggest enemy against your privacy. The feds don't really give a damn. But give the Corporate Overlords a way to separate you from your money - the real reason to steal your information - and they will do it every time. Give customers some convenience features, link in heavy data mining, and block out functionality for those who "opt out" and you have a veritable treasure trove of unlimited data theft. Locate your airbag control module, and take it out in case of a wreck. Pull the fuse on Onstar-type devices. Of course, the automakers will then put something desirable on the same circuit to discourage such behavior.

    • Gass-man Gass-man on Apr 02, 2019

      Well, yeah. But remember Corporate America owns Congress completely. They paid good money for it!

  • Conundrum Conundrum on Apr 02, 2019

    I must have missed the emails where all these companies asked my permission to use my data. There's never been an OPT OUT button, merely OPT IN or you cannot use our latest digital whiz bang product or app. You is mine, pleb. Now we are all little corporate data gatherers working for THE MAN. Don't cause any trouble, eat plenty of bad hamburgers at corporate drive-ins found on Google search, buy lots from Amazon, inform the world on your eating habits daily on Facebook as a social dimbulb and keep paying all those monthly rentier tolls without ever being late. And they'll not bother you much. Hopefully. But no promises, serf.

    • 2manycars 2manycars on Apr 02, 2019

      You sign away the data rights when you buy the car. How many even notice, what with the 3-ring circus that tends to be part of the car-buying process?

  • Carsofchaos The bike lanes aren't even close to carrying "more than the car lanes replaced". You clearly don't drive in Midtown Manhattan on a daily like I do.
  • Carsofchaos The problem with congestion, dear friends, is not the cars per se. I drive into the city daily and the problem is this:Your average street in the area used to be 4 lanes. Now it is a bus lane, a bike lane (now you're down to two lanes), then you have delivery trucks double parking, along with the Uber and Lyft drivers also double parking. So your 4 lane avenue is now a 1.5 lane avenue. Do you now see the problem? Congestion pricing will fix none of these things....what it WILL do is fund persion plans.
  • FreedMike Many F150s I encounter are autonomously driven...and by that I mean they're driving themselves because the dips**ts at the wheel are paying attention to everything else but the road.
  • Tassos A "small car", TIM????????????This is the GLE. Have you even ever SEEN the huge thing at a dealer's??? NOT even the GLC,and Merc has TWO classes even SMALLER than the C (The A and the B, you guessed it? You must be a GENIUS!).THe E is a "MIDSIZED" crossover, NOT A SMALL ONE BY ANY STRETCH OF THE IMAGINATION, oh CLUELESS one.I AM SICK AND TIRED OF THE NONSENSE you post here every god damned day.And I BET you will never even CORRECT your NONSENSE, much less APOLOGIZE for your cluelessness and unprofessionalism.
  • Stuki Moi "How do you take a small crossover and make it better?Slap the AMG badge on it and give it the AMG treatment."No, you don't.In fact, that is specifically what you do NOT do.Huge, frail wheels, and postage stamp sidewalls, do nothing but make overly tall cuvs tramline and judder. And render them even less useful across the few surfaces where they could conceivably have an advantage over more properly dimensioned cars. And: Small cuvs have pitiful enough fuel range as it is, even with more sensible engines.Instead, to make a small CUV better, you 1)make it a lower slung wagon. And only then give it the AMG treatment. AMG'ing, makes sense for the E class. And these days with larger cars, even the C class. For the S class, it never made sense, aside from the sheer aural visceralness of the last NA V8. The E-class is the center of AMG. Even the C-class, rarely touches the M3.Or 2) You give it the Raptor/Baja treatment. Massive, hypersophisticated suspension travel allowing landing meaningful jumps. As well as driving up and down wide enough stairs if desired. That's a kind of driving for which a taller stance, and IFS/IRS, makes sense.Attempting to turn a CUV into some sort of a laptime wonder, makes about as much sense as putting an America's Cup rig atop a ten deck cruiseship.