The price of a domestic Tesla has recently dropped to 270,000, sparking a flurry of wallets for potential car buyers. The result comes as people hesitate to buy Tesla’s gear, which has recently been exposed as a problem with poor data protection that has led to a breach of user privacy…
As long as a Tesla has entered the repair station, changed / upgraded the car computer motherboard, then the owner’s contacts, call logs, calendar schedule, location track screenshots and so on some of the no, it is likely to have been leaked.
And this matter has been a white hat hacker to the real hammer, he even followed the leaked number to several car owners called, with each other came to talk and laugh.
Of course, the other side may not think so…
The owner wants us to call him ” a disappointed bean 3 owner “
So if any poor friend around a Tesla friend, or hurry to let each other see if there is a related after-sales record it. (By the way, ta can keep an eye on a wave of bad reviews )
Because Tesla is too expensive to afford to tear down, so next, the poor review of the king to use some of the information already available to talk to you, Tesla owners’ privacy data is how stolen.
As we all know, Tesla’s car system screen is not only very large, in addition to the previous car radios, Bluetooth phones, Tesla this screen can also access the Internet, brush drama, landlords.
Because the system has changed so much compared to the previous car system, Tesla engineers have built a touch-screen operating system dedicated to Tesla based on the Linux kernel.
(I don’t know if it’s a coincidence, the interface also has some old hammer TNT flavor… )
If you’re still a little impressed with the Linux kernel, you’ll probably remember that Google is also an Android phone system based on the Linux kernel.
So in some ways, we can think of Tesla’s car system as something equivalent to Android, and Tesla as a wheeled Android phone.
Android phones require Qualcomm SnapSnapdragon 865, LPDDR5 memory, UFS 3.0 flash memory. By the same token, Tesla’s car system needs such hardware.
Well.. It’s the board in the red box below, which is commonly called the MCU (Media Control Unit) in the automotive industry.
Tesla’s MCU uses eMMC storage particles made from magnesium light, which is not as fast as the UFS on the phone, but is also sufficient.
The problem is in Tesla’s system design: Tesla’s Linux system doesn’t do any encryption for this eMMC drive!
Maybe a small partner will say, Tesla doesn’t have a digital password lock, isn’t it encrypted?
Well.. In fact, digital password lock, really not encrypted.
Small partners with experience of mobile phone recovery should know that no matter how complex the screen lock on the phone is, it is not really useful.
Because to read a piece of storage particles on a phone, there is no need for the phone to power on, it will not need to lose the unlock password.
Like the gadget in the picture above, Taobao sells for no more than double digits. But this is the 99-dollar gadget, just stick the eMMC storage granules to its contacts and have complete access to all the files inside like a USB stick.
Albums, contacts, account passwords, whether there is a screen password, all directly to you raw pull down.
And it’s not hard: as long as you go through the tutorial, the elementary school students can also clean up an eMMC storage particle.
The only way to solve this problem is to encrypt all the files in the operating system with an encryption algorithm – the data is decrypted on demand only after the password is lost and entered into the system.
Before the boot password decrypts, all the data is just a bunch of garbled code, even through the tool pulled out is useless.
As early as a decade ago, Google added the option of storage encryption to Android 4.0;
But Tesla’s machine… Perhaps it is because i think that the encryption will make the system card, but also may be because some other poor judges can not guess the reason, in short, has not moved the idea of full encryption.
Even though the issue had been picked up once by the US media last year, Tesla was only floating back: “If you’re worried about privacy leaks, it would be nice to have the data wiped off if you’re worried about privacy leaks.”
Tesla after car crash when scrap auction
contains a lot of unexpected data.
But a year later, white hat hackers discovered that some things could not be solved by factory settings…
In the past, a typical car, unless it was in the case of a thunderous bubbly bubble, an MCU substrate could live with the car for the rest of his life.
But Tesla is different, it is “smart cars from the future”.
And once something is in touch with the word “smart”, it becomes a card…
So after two or three years, Tesla owners have to drive to the back-to-back, just like we’re replacing a new phone, and pay thousands of dollars for a new MCU hardware upgrade.
Of course, sometimes you catch up with the official welfare.
After the sale, the service staff will remove the old MCUs from the car and migrate the old MCU’s data to the new MCUs like a mobile phone move.
As for the old MCUs, according to Tesla, one was refurbished and used as a spare part, and the other was rounded (physically) with a hammer and thrown into the trash.
Anyway, how specific, poor judge also do not know.
The poor review jun only knew that a white hat hacker named “Green” bought four second-hand Tesla MCUs from a shopping site.
(Bad review jun looked down, a fish also sold Tesla disassembler MCU, another day to let the KK buy back to test )
Despite varying degrees of damage to the screen and hardware, he extracted the original owner’s address book, call logs, and passwords for some social accounts from the four MCUs’ eMMC stores…
In the past, someone spits out a Tesla is a large phone with wheels. If Tesla’s MCUs were pulled, it would be no different than the theft of a phone.
Seeing this, I guess everyone can see what’s going on:
Because Tesla’s car system doesn’t encrypt the hard drive, the old hardware that has been replaced can be read after it’s used by a heart-conscious person.
The fix is simpler: But if Tesla adds an encryption option to a future software release, all Tesla users will be able to encrypt their car hard drives.
The judge thinks that when Tesla will consider doing this encryption, it will depend on how strong the voice of the owners is.
There may be small partners feel that Tesla’s car machine will be changed once in a few years, most of the after-sales store quality should also be trusted, their own data happentomer to be the chance of being very small.
But not afraid of ten thousand, afraid of in case: someone can rely on a broken photo to analyze the sister’s specific address.
If you really let the person with a heart get the name, cell phone number and phone book, is the birth record can be picked out?
In short, the bad review of the Jun looked down all the way, feel a bit magical – such a simple problem, actually happened to Tesla. This…
Source: Supplied and Pictures Source:
CNBC, Tesla cars keep more data than you think, include this video of a crash ing totaled a Model 3
INSIDEEV, Tesla Data Leak: Old Components With Personal Info FindTheir Way On eBay