The Tesla Motors Inc. Model X sport utility vehicle (SUV).
David Paul Morris | Bloomberg | Getty Images
A Tesla Model X totaled in the U.S. late last year suddenly came back online and started sending notifications to the phone of its former owner, CNBC executive editor Jay Yarow, months later.
The car or its computer was suddenly online in a Southern region of war-torn Ukraine, he found by opening up his Tesla app and using a geolocation feature. The new owners in Ukraine were tapping into his still-connected Spotify app to listen to Drake radio playlists, he also discovered.
When Yarow posted about this to the social network X, formerly known as Twitter, his post went viral, and followers wanted to know why this this happening and whether it was a security risk.
According to the CTO of automotive security firm Canis Labs, Ken Tindell, there can indeed be a security risk with totaled cars that are restored.
He explained in an e-mail to CNBC, “The credentials to internet services are clearly left in the vehicle electronics and then can be used by whoever gets hold of the electronics.” He added, “In general it’s possible to get data out of working electronics — it’s merely a question of how much effort that takes.”
This is far from a Tesla-specific issue, he said. Cars, like laptops, smartphones, and even refrigerators and TVs, are now internet-connected devices that can store personal data.
“I think it needs to be more widely understood by dealers and owners that there is this issue of private data within the vehicle,” Tindell said.
Overseas demand for totaled Teslas
How did the vehicle end up in Ukraine?
CNBC found that after the car was totaled, online auction site Copart listed it for sale, according to website listings. The company, which currently has more than 1,600 Tesla vehicles listed for sale, is connected to salvage yards across the U.S., including one in New Jersey where the car ended up.
Copart specializes in damaged or totaled vehicles that have what’s called a “salvage title,” issued when an insurance company declares it a total loss, warning future buyers that there was a significant problem. Copart sells more than 2 million vehicles a year, with operations in 11 countries, according to the company’s website.
Such vehicles cannot legally drive on U.S. roadways, but some countries aren’t as stringent.
“Cars go to the repair shop or junk yard then find their way to a second market and then are suddenly being shipped overseas,” said Mike Dunne, a former General Motors international executive who now serves as CEO of auto consulting firm ZoZoGo.
The practice has been going on for decades and accelerated with the rise of digital auctions, according to Steven Lang, an auctioneer and founder of used car marketplace 48 Hours And A Used Car.
“Starting in the Y2K era, the digital auction site took over. So now you can have someone in Ukraine bidding on it. And then someone else from Norway bidding on it … and you haven’t even touched an American border or an American bidder,” said Lang, who has been in the vehicle auction business for more than 24 years.
“Virtually all of the vehicles that are totaled will end up at a salvage auction,” he said.
One online auction website that specializes in such sales estimated the winning bid for the vehicle would be between $27,400 and $29,400. A final sale price was not immediately known. Neither the salvage yard nor Copart immediately responded for comment about the vehicle and who bought it.
What owners can do after the fact
Tesla support staff told Yarow he should disconnect his car from his account, offering the following instructions via email:
1. Open the Tesla app Tap profile icon in top-right corner
2. Tap ‘Add/Remove Products’ > ‘Remove’ > ‘Vehicle’
3. Select the VIN, then tap ‘Get Started’
4. Enter the vehicle and sale details, then tap ‘Next’
5. Enter the new owner information, then tap ‘Next’
6. Enter security code from e-mail, then tap ‘Confirm’
7.Submit the request by clicking on ‘Remove Vehicle’
Reminder: If it asks if you sold the vehicle say yes.”
Tesla didn’t tell him how he was supposed to obtain the new owner information as he hadn’t sold the car.
According to Canis Labs CTO Ken Tindell, disconnecting one’s account from a totaled vehicle can help stop others from using apps that had been connected, such as Spotify in Yarow’s case. However, data could still be extracted from the totaled vehicle’s electronics.
“What would the trip history and phone book of a celebrity be worth to a blackmailer or a kidnapper?” Tintell asked.
He and other security experts compared the situation having an Apple laptop stolen. In some cases, Apple can wipe the laptop or device clean remotely when it comes online. But “a malign repair shop can take out the hard drive and copy all the data off it before scrapping a broken laptop.”
This is why Apple routinely encrypts its hard drives, the CTO noted. “It’s the only way to prevent the data being stolen by someone with physical access to an offline device.”
An automotive cybersecurity veteran and the founder of RightHook, Warren Ahner, said that ideally a company like Tesla would “Have a portal where a user can sign in with online credentials and say ‘remove all my info, then disconnect my vehicle from the account,’ and would be able issue a remote-wipe command to the car when it comes online, deleting it all including GPS, saved locations and the rest.”
However, he said, owners can be their own “personal risk police,” and avoid giving their vehicles or rental cars that they use lots of personal info.
“Always purge your data after you are done with the vehicle and try not to share more info with the car than you absolutely need to share,” Ahner recommended. “If I pair my phone with the car I’m renting or owning I don’t allow it to synch location and contacts. I only give it Bluetooth access to talk over the top of my music and so I can us whatever music streaming app I like.”
An automotive white hat hacker who uses the handle Green the Only has been sounding the alarm about data on cars for years. “All the phone directory and calendar stuff might be valuable,” he said.
Once a car or car computer has changed possession is back online, he says that the previous owners “can’t do much.” One problem is that an old owner can “accrue charges for Supercharging,” and other items Tesla — or other vehicle makers — may sell on a subscription or pay-per-charge basis. They can always submit a request to Tesla to remove the car from their account, but that’s it.
Green the Only agreed with Tindell and Ahner — Tesla “probably can add a ‘remote wipe and then remove from my account’ in addition to the ‘remove from my account’ option they have now. They probably should have added that long ago.”
Meta CEO Mark Zuckerberg appears at the Meta Connect event in Menlo Park, California, Sept. 25, 2024.
David Paul Morris | Bloomberg | Getty Images
Meta CEO Mark Zuckerberg slammed rival tech giant Apple for lackluster innovation efforts and “random rules” in a lengthy podcast interview on Friday.
“On the one hand, [the iPhone has] been great, because now pretty much everyone in the world has a phone, and that’s kind of what enables pretty amazing things,” Zuckerberg said in an episode of the “Joe Rogan Experience.” “But on the other hand … they have used that platform to put in place a lot of rules that I think feel arbitrary and [I] feel like they haven’t really invented anything great in a while. It’s like Steve Jobs invented the iPhone, and now they’re just kind of sitting on it 20 years later.”
Zuckerberg added that he thought iPhone sales were struggling because consumers are taking longer to upgrade their phones because new models aren’t big improvements from prior iterations.
“So how are they making more money as a company? Well, they do it by basically, like, squeezing people, and, like you’re saying, having this 30% tax on developers by getting you to buy more peripherals and things that plug into it,” Zuckerberg said. “You know, they build stuff like Air Pods, which are cool, but they’ve just thoroughly hamstrung the ability for anyone else to build something that can connect to the iPhone in the same way.”
Apple defends itself from pushback from other companies by saying that it doesn’t want to violate consumers’ privacy and security, according to Zuckerberg. But he said that the problem would be solved if Apple fixed its protocol, like building better security and using encryption.
“It’s insecure because you didn’t build any security into it. And then now you’re using that as a justification for why only your product can connect in an easy way,” Zuckerberg said.
Zuckerberg said that if Apple stopped applying its “random rules,” Meta’s profit would double.
He also took shots at Apple’s Vision Pro headset, which had disappointing U.S. sales. Meta sells its own virtual headsets called the Meta Quest.
“I think the Vision Pro is, I think, one of the bigger swings at doing a new thing that they tried in a while,” Zuckerberg said. “And I don’t want to give them too hard of a time on it, because we do a lot of things where the first version isn’t that good, and you want to kind of judge the third version of it. But I mean, the V1, it definitely did not hit it out of the park.”
“I heard it’s really good for watching movies,” he added.
Apple did not immediately respond to a request for comment from CNBC.
Mark Zuckerberg’s announcement this week that Meta would pivot its moderation policies to allow more “free expression” was widely viewed as the company’s latest effort to appease President-elect Donald Trump.
More than any of its Silicon Valley peers, Meta has taken numerous public steps to make amends with Trump since his election victory in November.
That follows a highly contentious four years between the two during Trump’s first term in office, which ended with Facebook — similar to other social media companies — banning Trump from its platform.
As recently as March, Trump was using his preferred nickname of “Zuckerschmuck” when talking about Meta’s CEO and declaring that Facebook was an “enemy of the people.”
With Meta now positioning itself to be a key player in artificial intelligence, Zuckerberg recognizes the need for White House support as his company builds data centers and pursues policies that will allow it to fulfill its lofty ambitions, according to people familiar with the company’s plans who asked not to be named because they weren’t authorized to speak on the matter.
“Even though Facebook is as powerful as it is, it still had to bend the knee to Trump,” said Brian Boland, a former Facebook vice president, who left the company in 2020.
Meta declined to comment for this article.
In Tuesday’s announcement, Zuckerberg said Meta will end third-party fact-checking, remove restrictions on topics such as immigration and gender identity and bring political content back to users’ feeds. Zuckerberg pitched the sweeping policy changes as key to stabilizing Meta’s content-moderation apparatus, which he said had “reached a point where it’s just too many mistakes and too much censorship.”
The policy change was the latest strategic shift Meta has taken to buddy up with Trump and Republicans since Election Day.
A day earlier, Meta announced that UFC CEO Dana White, a longtime Trump friend, is joining the company’s board.
And last week, Meta announced that it was replacing Nick Clegg, its president of global affairs, with Joel Kaplan, who had been the company’s policy vice president. Clegg previously had a career in British politics with the Liberal Democrats party, including as a deputy prime minister, while Kaplan was a White House deputy chief of staff under former President George W. Bush.
Kaplan, who joined Meta in 2011 when it was still known as Facebook, has longstanding ties to the Republican Party and once worked as a law clerk for the late conservative Supreme Court Justice Antonin Scalia. In December, Kaplan posted photos on Facebook of himself with Vice President-elect JD Vance and Trump during their visit to the New York Stock Exchange.
Joel Kaplan, Facebook’s vice president of global policy, on April 17, 2018.
Niall Carson | PA Images | Getty Images
Many Meta employees criticized the policy change internally, with some saying the company is absolving itself of its responsibility to create a safe platform. Current and former employees also expressed concern that marginalized communities could face more online abuse due to the new policy, which is set to take effect over the coming weeks.
Despite the backlash from employees, people familiar with the company’s thinking said Meta is more willing to make these kinds of moves after laying off 21,000 employees, or nearly a quarter of its workforce, in 2022 and 2023.
Those cuts affected much of Meta’s civic integrity and trust and safety teams. The civic integrity group was the closest thing the company had to a white-collar union, with members willing to push back against certain policy decisions, former employees said. Since the job cuts, Zuckerberg faces less friction when making broad policy changes, the people said.
Zuckerberg’s overtures to Trump began in the months leading up to the election.
Following the first assassination attempt on Trump in July, Zuckerberg called the photo of Trump raising his fist with blood running down his face “one of the most badass things I’ve ever seen in my life.”
A month later, Zuckerberg penned a letter to the House Judiciary Committee alleging that the Biden administration had pressured Meta’s teams to censor certain Covid-19 content.
“I believe the government pressure was wrong, and I regret that we were not more outspoken about it,” he wrote.
After Trump’s presidential victory, Zuckerberg joined several other technology executives who visited the president-elect’s Mar-a-Lago resort in Florida. Meta also donated $1 million to Trump’s inaugural fund.
On Friday, Meta revealed to its workforce in a memo obtained by CNBC that it intends to shutter several internal programs related to diversity and inclusion in its hiring process, representing another Trump-friendly move.
The previous day, some details of the company’s new relaxed content-moderation guidelines were published by the news site The Intercept, showing the kind of offensive rhetoric that Meta’s new policy would now allow, including statements such as “Migrants are no better than vomit” and “I bet Jorge’s the one who stole my backpack after track practice today. Immigrants are all thieves.”
Recalibrating for Trump
Zuckerberg, who has been dragged to Washington eight times to testify before congressional committees during the last two administrations, wants to be perceived as someone who can work with Trump and the Republican Party, people familiar with the matter said.
Though Meta’s content-policy updates caught many of its employees and fact-checking partners by surprise, a small group of executives were formulating the plans in the aftermath of the U.S. election results. By New Year’s Day, leadership began planning the public announcements of its policy change, the people said.
Meta typically undergoes major “recalibrations” after prominent U.S. elections, said Katie Harbath, a former Facebook policy director and CEO of tech consulting firm Anchor Change. When the country undergoes a change in power, Meta adjusts its policies to best suit its business and reputational needs based on the political landscape, Harbath said.
“In 2028, they’ll recalibrate again,” she said.
After the 2016 election and Trump’s first victory, for example, Zuckerberg toured the U.S. to meet people in states he hadn’t previously visited. He published a 6,000-word manifesto emphasizing the need for Facebook to build more community.
The social media company faced harsh criticism about fake news and Russian election interference on its platforms after the 2016 election.
Following the 2020 election, during the heart of the pandemic, Meta took a harder stand on Covid-19 content, with a policy executive saying in 2021 that the “amount of COVID-19 vaccine misinformation that violates our policies is too much by our standards.” Those efforts may have appeased the Biden administration, but it drew the ire of Republicans.
Meta is once again reacting to the moment, Harbath said.
“There wasn’t a business risk here in Silicon Valley to be more right-leaning,” Harbath said.
While Trump has offered few specific policy proposals for his second administration, Meta has plenty at stake.
The White House could create more relaxed AI regulations compared with those in the European Union, where Meta says harsh restrictions have resulted in the company not releasing some of its more advanced AI technologies. Meta, like other tech giants, also needs more massive data centers and cutting-edge computer chips to help train and run their advanced AI models.
“There’s a business benefit to having Republicans win, because they are traditionally less regulatory,” Harbath said.
Meta’s CEO Mark Zuckerberg reacts as he testifies during the Senate Judiciary Committee hearing on online child sexual exploitation at the U.S. Capitol in Washington, U.S., January 31, 2024.
Evelyn Hockstein | Reuters
Meta isn’t alone in trying to cozy up to Trump. But the extreme measures the company is taking reflects a particular level of animus expressed by Trump over the years.
Trump has accused Meta of censorship and has expressed resentment over the company’s two-year suspension of his Facebook and Instagram accounts following the Jan. 6 attack on the Capitol.
In July 2024, Trump posted on Truth Social that he intended to “pursue Election Fraudsters at levels never seen before, and they will be sent to prison for long periods of time,” adding “ZUCKERBUCKS, be careful!” Trump reiterated that statement in his book, “Save America,” writing that Zuckerberg plotted against him during the 2020 election and that the Meta CEO would “spend the rest of his life in prison” if it happened again.
Meta spends $14 million annually on providing personal security for Zuckerberg and his family, according to the company’s 2024 proxy statement. As part of that security, the company analyzes any threats or perceived threats against its CEO, according to a person familiar with the matter. Those threats are cataloged, analyzed and dissected by Meta’s multitude of security teams.
After Trump’s comments, Meta’s security teams analyzed how Trump could weaponize the Justice Department and the country’s intelligence agencies against Zuckerberg and what it would cost the company to defend its CEO against a sitting president, said the person, who asked not to be named because of confidentiality.
Meta’s efforts to appease the incoming president bring their own risks.
After Zuckerberg announced the new speech policy Tuesday, Boland, the former executive, was among a number of users who took to Meta’s Threads service to tell their followers that they were quitting Facebook.
“Last post before deleting,” Boland wrote in his post.
Before the post could be seen by any of his Threads followers, Meta’s content moderation system had taken it down, citing cybersecurity reasons.
Boland told CNBC in an interview that he couldn’t help but chuckle at the situation.
“It’s deeply ironic,” Boland said.
— CNBC’s Salvador Rodriguez contributed to this report.
Apple is losing market share in China due to declining iPhone shipments, supply chain analyst Ming-Chi Kuo wrote in a report on Friday. The stock slid 2.4%.
“Apple has adopted a cautious stance when discussing 2025 iPhone production plans with key suppliers,” Kuo, an analyst at TF Securities, wrote in the post. He added that despite the expected launch of the new iPhone SE 4, shipments are expected to decline 6% year over year for the first half of 2025.
Kuo expects Apple’s market share to continue to slide, as two of the coming iPhones are so thin that they likely will only support eSIM, which the Chinese market currently does not promote.
“These two models could face shipping momentum challenges unless their design is modified,” he wrote.
Kuo wrote that in December, overall smartphone shipments in China were flat from a year earlier, but iPhone shipments dropped 10% to 12%.
There is also “no evidence” that Apple Intelligence, the company’s on-device artificial intelligence offering, is driving hardware upgrades or services revenue, according to Kuo. He wrote that the feature “has not boosted iPhone replacement demand,” according to a supply chain survey he conducted, and added that in his view, the feature’s appeal “has significantly declined compared to cloud-based AI services, which have advanced rapidly in subsequent months.”
Apple’s estimated iPhone shipments total about 220 million units for 2024 and between about 220 million and 225 million for this year, Kuo wrote. That is “below the market consensus of 240 million or more,” he wrote.
Apple did not immediately respond to CNBC’s request for comment.