Tesla data leak: Evidence emerges Tesla doesn’t erase personal data from replaced components and they’re winding up for sale online.
Tesla’s retrofitting service for media control units (MCU) and Autopilot hardware – HW, for short – may not go far enough in protecting owners’ personal data. That’s according to white hat hacker GreenTheOnly. He obtained four units of these Tesla computers off eBay and found the previous owners’ personal data still on them. More worrying, though, was Tesla’s response, or lack thereof, when Green confronted the company with the data.
According to Green, he informed Tesla of his findings before coming to InsideEVs. The Palo Alto, California-based company refused to notify all of its customers that might be affected in a timely manner, although a week before this article was published Tesla did say it would notify one of the affected customers. As of publication, it still hasn’t.
Speaking to InsideEVs, Green said each of the modules he bought had “owner’s home and work location, all saved wi-fi passwords, calendar entries from the phone, call lists and address books from paired phones, Netflix and other stored session cookies.” Netflix session cookies allow hackers to take control of these accounts.
Thus, if you own a Tesla and have had your car retrofitted with new computer hardware, your personal information may be for sale right now on eBay or elsewhere.
How This All Started
The computer swaps Tesla currently performs involve both the MCU on the Model S and Model X and the ICE on the Model 3. On the Model S and X, the MCU and the Autopilot hardware are separate computers. On the Model 3 and now the Model Y, these computers are combined in a single piece of hardware that hackers call ICE.
There are a few reasons why these computers might need to be replaced. For Model S and X, the MCU in older vehicles sometimes needs to be replaced because the first generation, called MCUv1, had issues with excessive logging that made it fail after four to five years. Owners made a petition for Tesla to start offering a retrofit for its second-generation MCU, called MCUv2, which supposedly fixed this defect, and the company made it available in the U.S. on March 3. Before this, Tesla only replaced the MCUv1 with a new or refurbished one. Surprisingly, Green discovered MCUv2 units are also failing, possibly due to manufacturing issues with the eMMC chip. All of these computers, both MCUv1 and MCUv2, are involved in this privacy issue.
For the Model 3, the ICE computer on older cars may need to be upgraded if an owner purchases the Full Self Driving (FSD) package. There have been multiple versions of the HW computer that controls Autopilot and enables Full Self Driving capability, and only the most recent, HW 3.0, can power the latest FSD features. Tesla promised all cars made after April 22, 2019 would come with HW 3.0, but many Model 3s built after that date were still equipped with earlier versions of the HW computer. Either way, any Model 3 without the latest HW computer would need its entire ICE component replaced if FSD were purchased. While the HW computer has no personal data, it’s combined with the MCU computer in a Model 3, and it’s the latter computer that stores an owner’s personal data.
Green obtained three ICE computers from Tesla Model 3s. He also got his hands on one Model X MCUv2. This one was crushed, but its data was recoverable.
Green has already made public another Tesla privacy concern in partnership with CNBC. Together, they revealed in March 2019 that salvaged Teslas still had data in them. At the time, Tesla claimed owners could use the factory reset option to erase sensitive data from their totaled cars. That’s good for every Tesla owner but does not apply to this situation.
These computer retrofits are performed by Tesla only, either at Service Centers or through the company’s Mobile Service. Owners usually want all of their personal data transferred to their new computer, so Tesla uses the older computer installed in the car to transfer that data to the new computer. Once the original computer is removed from the vehicle, though, the owner no longer has the ability to erase their own data.
According to Green, much like with a warranty replacement, you don’t get to keep the old parts when you perform the FSD retrofit: Tesla claims this is for free. That apparently changes when you do the MCUv2 upgrade or if you had to replace the MCUv1 with another one in places where this retrofit is not yet offered. Green saw a TMC forum thread saying you can pay a $1,000 ‘core charge’ to keep your old computer. We could not confirm that with Tesla.
We have contacted Tesla and other sources who know what happens in Service Centers after retrofits. The goal was to determine what policy they follow regarding the old computers they remove. Tesla did not get back to us but, according to one of these sources, technicians were told to throw the replaced computers away or damage them before trashing them – hence the crushed MCUv2 Green bought.
The hacker got word of something similar: “I also heard a prerequisite to throwing the unit into a dumpster is to hit it with a hammer a few times. This obviously does not destroy any data and I did see these units for sale too – at even lower prices, at times as little as $10 if you get a box full of them. Obviously, undamaged units sell for more, so I guess there’s an incentive to not hit them with any hammers.”
If the computers were destroyed properly, there’d be nothing for owners who’ve had the swap performed to worry about. But as you already know, these computers are ending up on eBay and other secondhand sales websites, such as Bonanza.
Green warned us that the ones with red caps on the coolant pipes come from Service Centers. The hacker was even able to locate from which Service Center the crushed MCUv2 that he bought came: Santa Clara, California.
There are at least two explanations for these computers showing up for sale online: either Service Centers are not damaging them enough to prevent their reuse and dumpster-divers are grabbing them to resell, or technicians themselves are selling these computers to make a profit. It could be a combination of both.
What Should You Do?
Ask Tesla to let you keep your old computer without paying its $1,000 “core charge” – if you replaced an MCU – or to prove it has erased your data from the hardware. If Tesla’s solution for this hardware is to destroy it, hitting it with a hammer is not good enough, as Green has proved. Also, ask Tesla what it plans to do with your hardware to make sure your data will not be available to anyone willing to pay for these old parts.
If Tesla refuses to give you the old computer or prove it has been properly erased or destroyed, your options to ensure data safety are limited. You may have to hard reset your car before Tesla performs the retrofit, which will erase all of your personal data before the old computer is removed. If you do not want to do that, you may have to give up on the process entirely for the sake of your personal data.
If you already had the retrofit, change all of your passwords. Warn the people you have called recently and the ones in your phonebook that they could be subject to scams from people pretending to be you due to this data leak.
Have you had Tesla or an uncertified source perform one of the hardware swaps we mention in this article? Did you have any problems due to it? Are you a white hat hacker with access to other examples of this data leak? Do you plan to perform a retrofit anytime soon? If so, we’d like to hear from you. Please email firstname.lastname@example.org with information to share.
Whatever you decide to do, at least be aware that your data may be shared or sold without your permission. That is, until Tesla announces a way to keep your information safe in these situations.