Monday December 16, 2019

Researchers ‘Extract’ Data From Junked Tesla Cars

The electric car maker was fairly quick to fix vulnerabilities exposed by white hat hackers

According to the report, data stored on Tesla models is not automatically erased when the car is hauled away from an accident site or sold at auction. Pixabay

In a shocking revelation, security researchers have extracted personal and unencrypted data — videos, phonebooks, calendar items — of Tesla users from crashed models sold at junkyards and auctions.

According to a CNBC report, a security researcher who goes by the name GreenTheOnly extracted data from the computers in salvaged Tesla Model S, Model X and two Model 3 vehicles.

“The computers on Tesla vehicles keep everything that drivers have voluntarily stored on their cars, plus tons of other information generated by the vehicles, including video, location and navigational data showing exactly what happened leading up to a crash,” the report claimed on Friday, citing researchers.

A Tesla spokesperson told CNBC the company offers options that customers can use to protect personal data stored on their car. “It includes a factory reset option for deleting personal data and restoring customised settings to factory defaults, and a Valet Mode for hiding personal data (among other functions) when giving their keys to a valet,” the spokesperson was quoted as saying.

“We are committed to finding and improving upon the right balance between technical vehicle needs and the privacy of customers,” the Tesla spokesperson said.

According to the report, data stored on Tesla models is not automatically erased when the car is hauled away from an accident site or sold at auction.

Tesla recently had to give away one of their Model 3 cars and $35,000 prize money to a group of hackers after they cracked its system at a hacking event. Pixabay

GreenTheOnly and his fellow white-hat hacker “Theo” bought a wrecked Model 3 to evaluate the data that remains in the car’s computers after a crash. They extracted records that showed the car’s computers had stored data from at least 17 different devices.

“Mobile phones or tablets had paired to the car around 170 times. The Model 3 held 11 phonebooks’ worth of contact information from drivers or passengers who had paired their devices, and calendar entries with descriptions of planned appointments, and e-mail addresses of those invited,” the report said.

Tesla recently had to give away one of their Model 3 cars and $35,000 prize money to a group of hackers after they cracked its system at a hacking event.

Amat Cama and Richard Zhu of team Fluoroacetate exposed a vulnerability in the vehicle system during the Pwn2Own 2019 hacking competition, organised by Trend Micro’s “Zero Day Initiative (ZDI)”, in Vancouver, Canada, this week.


As part of Tesla’s bug bounty programme, the company has paid hundreds of thousands of dollars in rewards to hackers who exposed vulnerabilities in its systems.

The electric car maker was fairly quick to fix vulnerabilities exposed by white hat hackers. (IANS)


Facebook, Twitter Reveal That Android Apps Accessed Users Data

Twitter and Facebook said they will notify those whose information was likely shared through apps

Smartphones have become the most important gadget to own these days & Android is a mobile operating system. Pixabay

In yet another data breach, Facebook and Twitter have admitted that data of hundreds of users was improperly accessed by some third-party Android apps on the Google Play Store when users logged into those apps.

Security researchers discovered that the One Audience and Mobiburn software development kits (SDK) provided access to users’ data, including email addresses, usernames, and recent tweets, on both platforms.

Twitter and Facebook said they will notify those whose information was likely shared through apps.

“We recently received a report about a malicious mobile software development kit (SDK) maintained by One Audience. We are informing you about this today because we believe we have a responsibility to inform you of incidents that may impact the safety of your personal data or Twitter account,” the micro-blogging platform said in a statement late Monday.

The companies were notified of the vulnerability by third-party security researchers.

Android is a mobile operating system based on a modified version of the Linux kernel and other open source software. Pixabay

A Facebook spokesperson told The Verge: “After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn”.

“We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender”.

At the moment, it looks like iOS users were not impacted.

According to Twitter, this issue is not due to a vulnerability in Twitter’s software, but rather the lack of isolation between SDKs within an application.

“We have evidence that this SDK was used to access people’s personal data for at least some Twitter account holders using Android, however, we have no evidence that the iOS version of this malicious SDK targeted people who use Twitter for iOS,” said Twitter.

Twitter has informed Google and Apple about the malicious SDK so they can take further action if needed.

Some of the best apps available for Android smartphones. Pixabay

“We will be directly notifying people who use Twitter for Android who may have been impacted by this issue,” it added.

Earlier this month, Facebook revealed that at least 100 app developers may have accessed Facebook users’ data for months, confirming that at least 11 partners “accessed group members’ information in the last 60 days”.


The social networking giant found that the apps – primarily social media management and video streaming apps – retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API (application programming interface).

According to the company, the apps were designed to make it easier for group admins to manage their groups more effectively and help members share videos to their groups. (IANS)