A hacker and Tesla enthusiast known only as GreenTheOnly has spent a lot of time and effort digging deep into Tesla’s hardware and software, something that Tesla has never been crazy about. Recently, he’s examined the internal computer networks in wrecked and salvaged Teslas, including a Model S, a Model X, and two Model 3s. He found that those cars contained a metric crapload of user data, ranging from contact lists from paired phones to navigation locations and video files from the car’s multiple cameras, including footage of the crashes that ended the cars’ useful lives.
To be fair, pretty much any modern car is likely to have a fair amount of user data stored in its systems, especially if you’ve paired a phone or other devices to the car. You may recall that GM collected radio-listening data on large numbers of its customers, and data-mining from cars is becoming so expected that the EU decided that future autonomous car data will be copyrighted by the automaker.
Teslas, however, appear to store significantly more data, partially as a result of their semi-autonomous systems’ camera and sensor requirements.
Getting your own data from your own Tesla after a wreck or incident isn’t cheap or easy, even if you’ve owned the car since new. It requires a proprietary cable that costs $995, though it does come in a nice hard case, and you can download the required software from Tesla for free once you drop a grand on the cable.
According to CNBC, which spoke directly with GreenTheOnly on the condition of maintaining his anonymity, the data on one of the crashed Model 3s showed that the car was owned by a Boston-area construction company. The car contained data from at least 17 paired devices, which had paired to the car 170 times, with 11 phonebooks of contact information stored, unencrypted, on the car.
There were also calendar appointment entries, email addresses, and 73 addresses from the navigation system, including residential addresses and records of searches to find the nearest Chick-fil-A.
Of course, the most exciting data was the footage of the crash around Orleans, Massachusetts, at 11:15 pm on August 11, that wrecked the car:
Again, this issue is by no means unique to Tesla, though GreenTheOnly made a point to explain to CNBC why Tesla is a particularly egregious data-hoarder here, since they have dashboard and external cameras that can be recording without warning, even when the car is parked, to enable features like rain-sensing wipers and Tesla’s “Sentry Mode.”
GreenTheOnly also explained to CNBC that
“Tesla is not super transparent about what and when they are recording, and storing on internal systems. You can opt out of all data collection. But then you lose [over-the-air software updates] and a bunch of other functionality. So, understandably, nobody does that, and I also begrudgingly accepted it.”
Also, former Tesla employees have reported that when Tesla discovers owners who attempt to analyze or modify the software on their own cars, those owners are flagged and receive over-the-air firmware and software updates.
I reached out to Tesla, and they provided me with the same statement they gave to CNBC:
“Tesla already offers options that customers can use to protect personal data stored on their car, including a factory reset option for deleting personal data and restoring customized settings to factory defaults, and a Valet Mode for hiding personal data (among other functions) when giving their keys to a valet. That said, we are always committed to finding and improving upon the right balance between technical vehicle needs and the privacy of our customers.”
It seems like there’s a pretty straightforward solution to this issue, or at least a partial solution that would help, both for Tesla and other manufacturers that store personal information in a car’s on-board computers: encrypt the data.
While it’s possible the data could be decrypted, there’s no reason not to make it at least harder for someone who gets access to a salvaged, wrecked, or stolen car to get access to a previous owner’s potentially very sensitive data.
Just think if there are audio files from internal microphones of you singing as you drive; none of us could recover from something like that if it were to be made public.