Wrecked Cars Are Now a Treasure Trove of Personal Information
As cars grow more dependent upon computer-controlled driving aids and automakers implement permanent internet connectivity, we’ve grown increasingly concerned with how automakers handle their customer’s data.
It sounds conspiratorial, but there’s a series of events to hang the tinfoil hat on. In 2017, General Motors announced it had successfully monitored the listening habits of 90,000 motorists in a study aimed at improving marketing insights. It also rejiggered OnStar and introduced the Marketplace app for seamless in-car purchasing options. Our take was that it was as impressive as it was ominous — and GM is only leading the charge into a what analysts believe will eventually become a multi-billion dollar industry.
Naturally, this led to privacy concerns over how automakers will protect customer data on future models. But we might want to start worrying about the cars we have now. A couple of white-hat hackers (those are the good ones) recently probed the internal computer networks of wrecked and salvaged Teslas and found a mother lode of personal information waiting inside.
According to a report from CNBC, GreenTheOnly and fellow hacker Theo, a Tesla proponent who has repaired hundreds of wrecked Teslas, purchased a wrecked Model 3 for research purposes in 2018. During their time with the vehicle, the pair found it was owned by a Boston-area construction company and had held onto unencrypted data from at least 17 different devices.
From CNBC:
Mobile phones or tablets had paired to the car around 170 times. The Model 3 held 11 phonebooks’ worth of contact information from drivers or passengers who had paired their devices, and calendar entries with descriptions of planned appointments, and e-mail addresses of those invited. (CNBC called and e-mailed several of the people who had paired their phones to the vehicle to verify their information was authentic.)
The data also showed the drivers’ last 73 navigation locations including residential addresses, the Wequassett Resort and Golf Club, and local Chik-Fil-A and Home Depot locations.
The car also stored the crash data, which included video footage from months prior. This allowed the hackers to pair the iPhone in use at the time of the wreck to a relative of the founder and chairman of the company that owned the Model 3. They even had the call logs and could tell that a family member had contacted the driver moments before the crash.
GreenTheOnly claims to have been able to yank similar data off other salvaged Teslas, saying he has amassed a small fortune off Tesla’s bug bounties. However, as willing as the company is to pay good-natured hackers to find flaws in its software, it’s also very protective of the data it collects. Tesla has gone to court to avoid handing the information over to customers. In fact, owners without hacker know-how have to purchase proprietary cables and software from the manufacturer just to get basic information out of the vehicle.
It’s also clear that the data is not being automatically erased in the event of a crash or after a change in ownership. But Tesla claims it’s on it.
“Tesla already offers options that customers can use to protect personal data stored on their car, including a factory reset option for deleting personal data and restoring customized settings to factory defaults, and a Valet Mode for hiding personal data (among other functions) when giving their keys to a valet,” explained a Tesla spokesperson. “That said, we are always committed to finding and improving upon the right balance between technical vehicle needs and the privacy of our customers.”
Admirable, but we already know that a large swath of motorists don’t understand all the features in their car. And that’s not likely to improve as automobiles become increasingly complicated. There will always be a subset of drivers who won’t understand how to protect stored data or even care to learn how.
GreenTheOnly and Theo noted that Tesla cameras can record while the car is parked, and that there’s no way for an owner to know when they might be doing so. The cameras enable features like “sentry mode” and trigger the car’s automatic wipers. “Tesla is not super transparent about what and when they are recording, and storing on internal systems,” GreenTheOnly explained. “You can opt out of all data collection. But then you lose [over-the-air software updates] and a bunch of other functionality. So, understandably, nobody does that, and I also begrudgingly accepted it.”
While Tesla found itself the focus of the hackers’ research, data protection is an issue that isn’t likely to be isolated to a single manufacturer. Several large automakers are already in the process of finishing data storage centers and deciphering how to best monetize information as cars grow increasingly connected to the internet. Meanwhile, the European Union voted in 2018 to make all telemetry data copyrighted by the automaker — which includes information accrued via a vehicle’s navigational systems — and China is pushing for the full-time monitoring of all new alternative-energy vehicles.
[Image: Tesla]
A staunch consumer advocate tracking industry trends and regulation. Before joining TTAC, Matt spent a decade working for marketing and research firms based in NYC. Clients included several of the world’s largest automakers, global tire brands, and aftermarket part suppliers. Dissatisfied with the corporate world and resentful of having to wear suits everyday, he pivoted to writing about cars. Since then, that man has become an ardent supporter of the right-to-repair movement, been interviewed on the auto industry by national radio broadcasts, driven more rental cars than anyone ever should, participated in amateur rallying events, and received the requisite minimum training as sanctioned by the SCCA. Handy with a wrench, Matt grew up surrounded by Detroit auto workers and managed to get a pizza delivery job before he was legally eligible. He later found himself driving box trucks through Manhattan, guaranteeing future sympathy for actual truckers. He continues to conduct research pertaining to the automotive sector as an independent contractor and has since moved back to his native Michigan, closer to where the cars are born. A contrarian, Matt claims to prefer understeer — stating that front and all-wheel drive vehicles cater best to his driving style.
More by Matt Posky
Comments
Join the conversation
All those who think the government is the big spy - Corporate America is the biggest enemy against your privacy. The feds don't really give a damn. But give the Corporate Overlords a way to separate you from your money - the real reason to steal your information - and they will do it every time. Give customers some convenience features, link in heavy data mining, and block out functionality for those who "opt out" and you have a veritable treasure trove of unlimited data theft. Locate your airbag control module, and take it out in case of a wreck. Pull the fuse on Onstar-type devices. Of course, the automakers will then put something desirable on the same circuit to discourage such behavior.
I must have missed the emails where all these companies asked my permission to use my data. There's never been an OPT OUT button, merely OPT IN or you cannot use our latest digital whiz bang product or app. You is mine, pleb. Now we are all little corporate data gatherers working for THE MAN. Don't cause any trouble, eat plenty of bad hamburgers at corporate drive-ins found on Google search, buy lots from Amazon, inform the world on your eating habits daily on Facebook as a social dimbulb and keep paying all those monthly rentier tolls without ever being late. And they'll not bother you much. Hopefully. But no promises, serf.