Tesla has been getting rid of computers without wiping them compromising customer accounts – Electrek

Tesla has been throwing away computers without wiping them leaving some customer account compromised. Be aware if Tesla ever had to replace your onboard computer.

With Tesla Autopilot computer upgrade and recently announced MCU2 upgrade, on top of regular replacements for performance issues, Tesla is changing a lot of computers in its vehicles today.

Now the fact that a lot of used Tesla computers are showing up on eBay raises some questions about Teslas process to get rid of those computers, which can often contain sensitive information, like Google or Spotify usernames and passwords.

Even more troubling, these passwords dont seem to be encrypted.

Thats the kind of information that can be used to hack someone and can be described as compromising customer accounts.

Hacker Green acquired several of these computers and managed to find a lot of that kind of information about previous owners.

Fortunately, the first thing he did is reach out to Tesla and let them know about the vulnerability.

The automaker told him that they were launching an investigation into the issue, but the investigation didnt seem to be taken too seriously.

Green told Electrek that when he shared the VINs of the units he had with Tesla, they told him that those units were stolen from them.

However, it appears that Tesla might be stretching the meaning of the word stolen.

Green shared proof with Electrek that these computers can be found in Teslas service center dumpsters.

He wrote on Twitter:

I got in contact with Tesla security via proper channels and they are looking into it. But considering units are thrown into trash as per the procedure not even sure this can be pinned on anybody. At most why did not you whack it with a hammer at least?

Tesla claims that the computers are supposed to be wiped before being thrown away, but he is only aware of a reset procedure that can be done at the factory but not at service centers.

Either people dumpster dive to grab them and sell them to resellers and they end up on eBay, which is hardly stealing, or Tesla employees themselves sell the computers.

You can see plenty of them available for sale on the website:

Green told Electrek that he even heard about Tesla employees selling computers to third-party Tesla repairers:

I know some people on the unauthorized repair side and they say Tesla staff comes and brings such units

He added on Twitter:

Tesla told Green that they would contact people who are affected by this leak of information, but they havent given a clear timeline on that.

Electrek contacted Tesla about the issue and we will update if we get an answer.

Well, thats dumb.

First off, these computers shouldnt end up in dumpsters in the first place, they should be recycled, but if they do, they should obviously be wiped. And, even if these things are found, this information should be encrypted so it is at least extremely difficult to ascertain the important information should one of these fall into the wrong hands.

There are going to be thousands of Tesla computers in that situation in the coming months and likely hundreds of thousands over the next year. Kind of a waste of equipment if you ask me.

Tesla needs to have a way better procedure in place before that can happen and they need to make it right for people who have already got a computer upgrade and let them know they should change their passwords.

If you have linked accounts on your Tesla and had your computer upgraded, you should definitely do that.

FTC: We use income earning auto affiliate links. More.

Subscribe to Electrek on YouTube for exclusive videos and subscribe to the podcast.

Read the rest here:

Tesla has been getting rid of computers without wiping them compromising customer accounts - Electrek

Related Post

Comments are closed.