Beijing time on May 7 noon news, according tomedia reports, Tesla’s car computer system, may not be as secure as everyone thought. According to a cybersecurity researcher, even after the factory reset, hackers can still recover large amounts of personal information from the old Tesla panel system.
The researcher, who sits “greentheonly”, came to this conclusion after studying 13 second-hand Tesla Media Control Units (MCUs), 12 of which he bought from eBay and another from a friend.
Although each control unit has been reset to delete all personal information of the previous owner, the researchers were able to recover large amounts of data from the system, such as passwords, GPS location information, etc. Hackers can access the control unit’s original owner’s complete contact list, call logs, calendar information and account IDs and passwords for third-party apps (Spotify, Netflix, Gmail, YouTube, etc.) that have been run on the control unit.
Each time the vehicle is started, the on-board media control unit also saves a screenshot of the vehicle’s location, and the system keeps the most recent 50 location screen shots, all of which can also be accessed.
Greentheonly said he had access to the information because the Tesla system was using the SQLite database. For the SQLite database, the original information is actually deleted only after the specific module on the hard drive has been overridden by the new information.
The factory reset only means that Tesla’s operating system will free up space on that particular module. However, the data that has been written remains there until the system re-writes the data.
In an interview, Greentheonly also said that the used Tesla in-car media control unit is easier to buy on the second-hand market.