Find personal data from your old car on eBay

[An amateur] researcher, who described himself as a “Tesla tinkerer that’s curious about how things work,” recently gained access to 13 Tesla MCUs — short for media control units — that were removed from electric vehicles during repairs and refurbishments. Each one of the devices stored a trove of sensitive information despite being retired. Examples included phone books from connected cell phones, call logs containing hundreds of entries, recent calendar entries, Spotify and W-Fi passwords stored in plaintext, locations for home, work, and all places navigated to, and session cookies that allowed access to Netflix and YouTube (and attached Gmail accounts)…

“It looks like some service center employees sell intact units on the side instead of returning them…the researcher said in an interview. “I know some people running salvage yards that say that’s one source of units they have for sale.”…

[His] discovery reveals a risk posed not just to Tesla owners but drivers of virtually any vehicle that has onboard devices that store personal data or provide remote tracking. A man who rented Ford vehicles from Enterprise Rent-a-Car reported having the ability to remotely start, stop, lock, and unlock the vehicles long after he returned them not just once, but a second time four months after the first. As is the case with Tesla MCUs that make it back onto the market, the failure of rental companies to mandate that employees fully wipe infotainment systems of all previous customers’ data represents a safety and privacy risk that could easily be avoided.

I know you can’t selectively destroy recording systems in a car you’re selling or trading-in; but, at a minimum you should do a factory reset. I’m not a fanatic about privacy (yet); but, I see no reason to skip utilizing the procedures built-in to maintain some level of security.

2 thoughts on “Find personal data from your old car on eBay

  1. Peter says:

    Also if you have buttons on your mirror that open gates, be sure to clear those if you sell the car. It’s quite easy. I believe you simply press the button for several seconds. In my case, I’d get a green light flashing.

    Also do not put your home address in a gps. Use a nearby one. Thus if someone gains access to your gps and gives a command like “take me home”, the thieves now know where you live.This applies to your phones particularly.

  2. nicknielsensc says:

    Corporate has been providing Ford 150 vans with MS Sync for the past 12 years. Every one of them has had the master clear and factory reset performed before it was loaded onto the carrier taking it to auction. Not that I’m all that worried. The only phones I’ve ever linked to those vans are the work phones.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.