Two "white hat hackers" discovered that crashed Tesla vehicles sent to salvage contain unencrypted personal data, including information from drivers' paired mobile devices.
This appears to contradict Tesla's cybersecurity policy, which stipulates owners must buy cables and download a software kit to extract limited information from their vehicles via "event data recorders," should they need that data for legal, insurance, or other purposes.
The hackers procured a wrecked Tesla Model 3, which was owned by a construction company in Boston, and used by employees.
They determined the car's computers had stored unencrypted data from at least 17 different devices, and mobile phones or tablets had paired to the car about 170 times.
Overall, the vehicle had 11 phonebooks' worth of contact information from drivers or passengers who had paired their devices, as well as calendar entries with descriptions of planned appointments, and email addresses of those invited.
View Full Article
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA