A Tesla Model X SUV that was totaled in the U.S. last year has resurfaced in war-torn Ukraine, sending notifications to its former owner’s phone. CNBC executive editor Jay Yarow discovered that the car or its computer was suddenly online in Ukraine, and the new owners were using his still-connected Spotify app to listen to music. This incident has raised concerns about the security risks associated with restored totaled cars. Ken Tindell, the CTO of automotive security firm Canis Labs, explained that the credentials to internet services are often left in the vehicle electronics and can be used by whoever gets hold of them. This issue is not specific to Tesla, as cars, like other internet-connected devices, can store personal data. Experts suggest that dealers and owners need to be more aware of the potential privacy risks associated with vehicles.
The vehicle ended up in Ukraine after being listed for sale on online auction site Copart. The company specializes in selling damaged or totaled vehicles with salvage titles, which warn future buyers of significant problems. While such vehicles cannot legally be driven on U.S. roads, they can be shipped overseas to countries with less stringent regulations. The practice of selling totaled vehicles at salvage auctions has been going on for decades but has accelerated with the rise of digital auctions. The winning bid for the Tesla Model X in question was estimated to be between $27,400 and $29,400.
After discovering that his car was being used by new owners in Ukraine, Yarow sought assistance from Tesla support staff. They advised him to disconnect his car from his account, but did not provide instructions on how to obtain the new owner information. Disconnecting the account can help prevent others from using connected apps, but data can still be extracted from the vehicle’s electronics. Experts compare the situation to having a stolen laptop, where data can be copied off the hard drive before it is scrapped. They suggest that companies like Tesla should have a portal where users can remove all their information and issue a remote-wipe command to the car when it comes online.
In the meantime, owners are advised to be cautious with the personal information they share with their vehicles and to purge data after using a rental or owned vehicle. The issue of data security in cars has been a concern for years, and experts believe that companies like Tesla should have implemented additional security measures, such as remote wiping and removing from accounts, to protect user data.
What are the potential security risks associated with restored totaled cars and their internet-connected devices?
Ot devices, are vulnerable to hacking and exploitation. It highlights the need for manufacturers to prioritize security measures to protect both the physical and digital assets of their vehicles.
In a surprising turn of events, a Tesla Model X SUV that was declared totaled in the US last year has resurfaced in war-ravaged Ukraine. The former owner was left perplexed when notifications from the vehicle began popping up on their phone. CNBC executive editor Jay Yarow stumbled upon this peculiar occurrence after realizing that the vehicle or its computer had suddenly connected to the internet in Ukraine. What’s more, the new owners were using the still-connected Spotify app to listen to music.
This incident has sparked apprehension surrounding the security risks associated with restored totaled cars. It brings to light the fact that credentials for internet services are often left within the vehicle electronics, creating a potential loophole for exploitation. These credentials can be used by anyone who gains access to them, making it imperative for manufacturers to address these security vulnerabilities promptly.
Ken Tindell, the CTO of Canis Labs, an automotive security firm, shed light on the matter by emphasizing that this issue is not exclusive to Tesla. All vehicles, similar to other internet-connected devices, are susceptible to hacking and manipulation. This event serves as a reminder to industry players that security should be a paramount concern to safeguard both the physical and digital aspects of their vehicles.
Totaled Teslas should undergo thorough data wipe to prevent any security breaches and protect customers’ personal information.