Salvaged telematic control units (TCUs) can contain unencrypted, non‑volatile GNSS logs and system files that record a vehicle’s entire journey from factory to scrapyard. Anyone with physical access to the module (salvage yards, resellers, or attackers) can extract sensitive location history and configuration data without manufacturer cooperation.
— This reveals a persistent privacy and security gap spanning auto manufacturing, the secondary hardware market, and cross‑border salvage chains, implying a need for standards on data wiping, hardware design, and end‑of‑life handling.
EditorDavid
2026.04.18
100% relevant
Romain Marchand (Quarkslab) extracted a Linux filesystem from a Micron MCP (NAND) on a Qualcomm‑based TCU from a BYD vehicle and recovered unencrypted GNSS logs showing the car’s route from China to the UK and final wrecking in Poland.
← Back to All Ideas