Here’s how a wrecked American Tesla ended up in Ukraine for repair after being sold for spares in the United States


Last year, a Tesla Model X that had been totaled in the U.S. unexpectedly reconnected online and began sending notifications to its former owner, Jay Yarow. The car was now in war-torn Ukraine, and the new owners were even using the previous owner’s Spotify app to listen to music. This incident raises security concerns regarding restored totaled cars, as credentials to internet services often remain in the vehicle electronics, potentially accessible to new owners.

According to Ken Tindell, CTO of Canis Labs, a firm specializing in automotive security, data extraction from working electronics is possible with some effort. He stressed that this issue extends beyond Tesla, highlighting that internet-connected vehicles, like other smart devices, store personal data and could pose privacy risks.

The car’s journey from being totaled to ending up in Ukraine involves intermediary steps like being listed on online auction sites such as Copart, which specializes in damaged vehicles with salvage titles. Such vehicles can’t legally operate in the U.S., but they can be shipped overseas where regulations might be less stringent.

In response to the situation, Tesla suggested that the former owner disconnect the car from their account. However, this doesn’t completely eliminate the risk, as data could still be extracted from the vehicle’s electronics. Security experts recommended that vehicle manufacturers implement features allowing users to remotely wipe data and disconnect the car from their account when the vehicle changes ownership.

While Tesla’s situation has highlighted the potential risks, this issue underscores the broader challenge of securing personal data stored in internet-connected vehicles. As the automotive industry embraces more digital features, addressing these security concerns will be critical to protect user privacy and prevent unauthorized access to personal information.

Read More: