Evidence emerges Tesla doesn't erase personal data from replaced components and they're winding up for sale online.
Tesla’s retrofitting service for media control units (MCU) and Autopilot hardware – HW, for short – may not go far enough in protecting owners’ personal data. That’s according to white hat hacker GreenTheOnly. He obtained four units of these Tesla computers off eBay and found the previous owners’ personal data still on them. More worrying, though, was Tesla’s response, or lack thereof, when Green confronted the company with the data.
According to Green, he informed Tesla of his findings before coming to InsideEVs. The Palo Alto, California-based company refused to notify all of its customers that might be affected in a timely manner, although a week before this article was published Tesla did say it would notify one of the affected customers. As of publication, it still hasn't.
Speaking to InsideEVs, Green said each of the modules he bought had “owner’s home and work location, all saved wi-fi passwords, calendar entries from the phone, call lists and address books from paired phones, Netflix and other stored session cookies.” Netflix session cookies allow hackers to take control of these accounts. Spotify passwords are stored in clear text.
Thus, if you own a Tesla and have had your car retrofitted with new computer hardware, your personal information may be for sale right now on eBay or elsewhere.
How This All Started
The computer swaps Tesla currently performs involves both the MCU on the Model S and Model X and the ICE on the Model 3. On the Model S and X, the MCU and the Autopilot hardware are separate computers. On the Model 3 and now the Model Y, these computers are combined in a single piece of hardware that hackers call ICE.
|GLOSSARY OF TESLA COMPUTER TERMS|
|MCU (Media Control Unit)||Computer that controls infotainment and stores personal data|
|Used on Model S and X until March 2018|
|MCU v2||Used on Model S and X after March 2018|
|HW||Computer that controls Autopilot and Full Self Driving|
|ICE||Integrated MCU and HW computer in Model 3 and Y|
There are a few reasons why these computers might need to be replaced. For Model S and X, the MCU in older vehicles sometimes need replaced because the first generation, called MCUv1, had issues with excessive logging that made it fail after four to five years. Owners made a petition for Tesla to start offering a retrofit for its second-generation MCU, called MCUv2, which supposedly fixed this defect, and the company made it available in the U.S. on March 3. Before this, Tesla only replaced the MCUv1 with a new or refurbished one. Surprisingly, Green discovered MCUv2 units are also failing, possibly due to manufacturing issues with the EMMC chip. All of these computers, both MCUv1 and MCUv2, are involved in this privacy issue.
For the Model 3, the ICE computer on older cars may need upgraded if an owner purchases the Full Self Driving (FSD) package. There have been multiple versions of the HW computer that controls Autopilot and enabled Full Self Driving capability, and only the most recent, HW 3.0, can power the latest FSD features. Tesla promised all cars made after April 22, 2019 would come with HW 3.0, but many Model 3s built after that date were still equipped with earlier versions of the HW computer. Either way, any Model 3 without the latest HW computer would need its entire ICE component replaced if FSD were purchased. While the HW computer has no personal data, it's combined with the MCU computer in a Model 3, and it's the latter computer that stores an owner's personal data.
Green obtained three ICE computers from Tesla Model 3s. He also got his hands on one Model X MCUv2. This one was crushed, but its data was recoverable.
“Prices on eBay for these units started to drop from more than $500 to $300 then $200 then $150 and so on, so more and more people started to buy them for research. They are useless in car repairs because there's no easy way to use them in other cars. Since you need specialized knowledge to get started, some of those people turned to me and other ‘hackers’ to help them get started. Some units were sent to me to extract data out of them to bootstrap some research too. This is when I became aware of the data leakage happening. I then purchased a unit on eBay to confirm it works exactly like that. And it sure does.”
Green has already made public another Tesla privacy concern in partnership with CNBC. Together, they revealed in March 2019 that salvaged Teslas still had data in them. At the time, Tesla claimed owners could use the factory reset option to erase sensitive data from their totaled cars. That’s good for every Tesla owner but does not apply to this situation.
These computer retrofits are performed by Tesla only, either at Service Centers or through the company’s Mobile Service. Owners usually want all of their personal data transferred to their new computer, so Tesla uses the older computer installed in the car to transfer that data to the new computer. Once the original computer is removed from the vehicle, though, the owner no longer has the ability to erase their own data.
According to Green, much like with a warranty replacement, you don't get to keep the old parts when you perform the FSD retrofit: Tesla claims this is for free. That apparently changes when you do the MCUv2 upgrade or if you had to replace the MCUv1 for another one in places where this retrofit is not yet offered. Green saw a TMC forum thread saying you can pay a $1,000 ‘core charge’ to keep your old computer. We could not confirm that with Tesla.
We have contacted Tesla and other sources who know what happens in Service Centers after retrofits. The goal was to determine what policy they follow regarding the old computers they remove. Tesla did not get back to us but, according to one of these sources, technicians were told to throw the replaced computers away or damage them before trashing them – hence the crushed MCUv2 Green bought.
The hacker got word of something similar: “I also heard a prerequisite to throwing the unit into a dumpster is to hit it with a hammer a few times. This obviously does not destroy any data and I did see these units for sale too – at even lower prices, at times as little as $10 if you get a box full of them. Obviously, undamaged units sell for more, so I guess there's an incentive to not hit them with any hammers.”
If destroying the computers were done properly, there’d be nothing for owners who’ve had the swap performed to worry about. But as you already know, these computers are ending up on eBay and other used stuff sales websites, such as Bonanza.
Green warned us that the ones with red caps on the coolant pipes come from Service Centers. The hacker was even able to locate from which Service Center the crushed MCUv2 that he bought came: Santa Clara, California.
There are at least two explanations for these computers showing up for sale online: either Service Centers are not damaging them enough to prevent their reuse and dumpster-divers are grabbing them to resell, or technicians themselves are selling these computers to make a profit. It could be a combination of both.
Instead of destroying these computers or charging a $1,000 fee for people to keep them, Tesla could fully erase their data and sell them as refurbished for lower prices. Some won’t even need any physical repair; they have been replaced preventively or because their owners want new features.
Perhaps Tesla does not think reselling these computers is worth it, but it could also send these computers out to certified shops to erase and resell. Apart from solving the data privacy issue, this would also be more environmentally responsible than throwing them into dumpsters.
The Owners Affected (That We Know About)
Since Green got hold of four computers, we have four confirmed Tesla owners involved with this privacy issue. All of them are from California, and all four have chosen to remain anonymous, but have agreed to speak with InsideEVs on the record.
Owner #1 loves Tesla. We had her phone number and address from the ICE computer that we removed her Model 3 and wound up in Green’s possession, but we got in touch with her by email so she could verify who we are. We have followed this strategy with all of the Tesla owners involved. Owner #1 replied a while later:
“This is very concerning! I do own a Tesla Model 3 and recently upgraded to Hardware 3 for FSD at my local Service Center … I am willing to connect with you regarding this issue as I am disturbed that something like this could happen and worried about what type of data is available to anyone willing to purchase it.”
We told Owner #1 that her information was safe. Green committed to erasing all data a week after this article is published, but not everyone will be lucky enough to have their old computer wind up in the hands of a white hat hacker.
As we said earlier, Tesla confirmed to Green that it would warn at least one client, and that client was Owner #1. However, when we contacted her a week later, she confirmed the company had not reached out to her.
“Tesla did not contact me about the data breach. They should have and I hold them responsible for that. I also feel that they should be held accountable for this breach, especially if this happened to others. Despite this, I believe in Tesla and what they are trying to do. I do not want to harm that in any way. While I am hurt and a bit shocked, I absolutely love my car and this company.” – Owner #1
Owner #2 is still thinking about going public or not. His computer was also an ICE, so we know it came from a Model 3.
“I replaced the FSD computer about two months ago. Is Tesla selling these computers? Or is this a rogue employee? Why would Tesla be selling these?” – Owner #2
Owner #3 drives the Tesla Model X from which Green’s crushed MCUv2 was removed. Despite the physical damage to the hardware, Green was still able to retrieve enough information for us to have Owner #3’s phone number, email addresses, and other contact information from both his phone and his wife’s. He got in touch when we were about to publish this article and said he is seeking legal advice. We still want to know more about his retrofit.
The fourth and final owner for which we have physical evidence of their personal data not being erased wanted to speak with InsideEVs and Mr. Green on the phone. Owner #4 wanted to understand all of the circumstances involving the ICE computer that was replaced when he got FSD on his Model 3. He asked us to refer to him as “Upset Model 3 Owner.”
“Tesla should be encrypting all the data in the cloud and on the hardware of the card. When hardware components are replaced, Tesla should delete and physically destroy the media so data is unrecoverable.” – Owner #4
What Tesla Has To Say About This
We asked Tesla on Monday, April 27 to answer the following questions:
- What is the process for handling these old computers? What happens to them after they are removed from the cars?
- Why doesn't Tesla erase them after copying the owner’s information to the new computers?
- What do you believe has failed in the way the company handles these old computers for them to wind up for sale with personal data on them?
- Why doesn't Tesla encrypt the personal data contained in these computers?
- Does the company plan to take any measures to protect customer's data in these retrofits? Which ones, precisely?
Tesla did not get back to us before we published this article. We will update the article if the company replies.
What Should You Do?
Ask Tesla to let you keep your old computer without paying its $1,000 “core charge” – if you replaced an MCU – or to prove it has erased your data from the hardware. If Tesla’s solution for this hardware is to destroy it, hitting it with a hammer is not good enough, as Green has proved. Also, ask Tesla what it plans to do with your hardware to make sure your data will not be available to anyone willing to pay for these old parts.
If you already had the retrofit, change all of your passwords.
If Tesla refuses to give you the old computer or prove it has been properly erased or destroyed, your options to ensure data safety are limited. You may have to hard reset your car before Tesla performs the retrofit, which will erase all of your personal data before the old computer is removed. If you do not want to do that, you may have to give up on the process entirely for the sake of your personal data.
You may have to hard reset your car before Tesla performs the retrofit, which will erase all of your personal data before the old computer is removed.
If you already had the retrofit, change all of your passwords. Warn the people you have called recently and the ones in your phonebook they could be subject to scams from people pretending to be you due to this data leak.
Have you had Tesla or an uncertified source perform one of the hardware swaps we mention in this article? Did you have any problems due to it? Are you a white hat hacker with access to other examples of this data leak? Do you plan to perform a retrofit anytime soon? If so, we’d like to hear from you. Please email email@example.com with information to share.
Whatever you decide to do, at least be aware that your data may be shared or sold without your permission. That is, until Tesla announces a way to keep your information safe in these situations.