Your IT Consultant

User Data Found on Resold Tesla Parts

May 6, 2020

Proper disposal of electronic equipment is a must to protect user privacy. You should be wiping hard drives for any computer you donate or recycle. We should be taking the same or similar action when dealing with other electronic devices. Ars technica reported that a researcher purchased Tesla MCUs (media control units) on eBay and was able to retrieve all kinds of information. The post stated, "Examples included phonebooks from connected cell phones, call logs containing hundreds of entries, recent calendar entries, Spotify and W-Fi passwords stored in plaintext, locations for home, work, and all places navigated to, and session cookies that allowed access to Netflix and YouTube (and attached Gmail accounts)."

The 13 units he reviewed indicated that their last location was a Tesla service center, which would indicate they were removed by an authorized technician. Apparently the technician did not factory reset the unit before removing it. You should make sure the service technician resets any electronics that may contain user data or reset it yourself when you trade in or sell your vehicle. Don't forget about other devices that may contain information related to your usage. Clear out any Wi-Fi configuration data if disposing any smart light bulbs. Factory reset any smart doorbells, smart irrigation controllers, digital assistants (e.g. Alexa, Google Home, etc.), smartphones, fitness trackers, etc.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com