The sport utility vehicle (SUV) from Tesla Motors Inc., the Model X, had an interesting turn of events after it was totaled in the U.S. last year. The car suddenly came back online and started sending notifications to its former owner, Jay Yarow, who is the CNBC executive editor. Yarow discovered that his car, or rather its computer system, was now online in war-torn Ukraine when he used the geolocation feature on his Tesla app. The new owners in Ukraine were even using his still-connected Spotify app to listen to Drake radio playlists.
Yarow’s post about this incident on the social network X (formerly Twitter) went viral and raised questions about the security risks involved in restored totaled cars. Ken Tindell, the CTO of automotive security firm Canis Labs, explained that there can indeed be a security risk with restored totaled cars because the credentials to internet services are left in the vehicle electronics and can be used by anyone who gains access to them. He also stated that this is not just a Tesla-specific issue, as all cars and even other internet-connected devices like laptops and smartphones can store personal data.
So how did Yarow’s vehicle end up in Ukraine? It turns out that after the car was totaled, it was listed for sale on the online auction site Copart, which specializes in damaged or totaled vehicles with salvage titles. Copart has more than 1,600 Tesla vehicles listed for sale and is connected to salvage yards across the U.S. The car eventually ended up in a salvage yard in New Jersey, from where it was purchased and shipped overseas. This practice of vehicles being sold overseas after being declared salvage has been going on for decades and has been accelerated by digital auctions.
The winning bid for Yarow’s vehicle was estimated to be between $27,400 and $29,400 on an online auction website that specializes in such sales. The current owner of the vehicle is unknown.
For owners who find themselves in a similar situation, Tesla support staff advised Yarow to disconnect his car from his account to prevent others from using connected apps. However, Tindell pointed out that data can still be extracted from the vehicle’s electronics. He compared this situation to having an Apple laptop stolen, where Apple can remotely wipe the device clean when it comes online. Tindell believes that Tesla should have a portal where users can sign in and request the removal of all their information from the vehicle, along with a remote-wipe command to delete all data when the car comes online.
Warren Ahner, an automotive cybersecurity expert and founder of RightHook, suggested that owners should be their own “personal risk police” and avoid giving their vehicles or rental cars unnecessary personal information. He also recommended purging data from the vehicle after use and limiting the information shared with the car.
In conclusion, the case of Yarow’s Tesla Model X being online and used by new owners in Ukraine highlights the security risks associated with restored totaled cars. It is important for dealers and owners to be aware of the issue of private data remaining in the vehicle’s electronics and take necessary steps to protect their information.
Denial of responsibility! VigourTimes is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
