Technology

A totaled Tesla was sold for parts in the US but came back online in the Ukraine — here’s what happened

Published

2 years ago

August 10, 2023

admin

The Tesla Motors Inc. Model X sport utility vehicle (SUV).

David Paul Morris | Bloomberg | Getty Images

A Tesla Model X totaled in the U.S. late last year suddenly came back online and started sending notifications to the phone of its former owner, CNBC executive editor Jay Yarow, months later.

The car or its computer was suddenly online in a Southern region of war-torn Ukraine, he found by opening up his Tesla app and using a geolocation feature. The new owners in Ukraine were tapping into his still-connected Spotify app to listen to Drake radio playlists, he also discovered.

When Yarow posted about this to the social network X, formerly known as Twitter, his post went viral, and followers wanted to know why this this happening and whether it was a security risk.

According to the CTO of automotive security firm Canis Labs, Ken Tindell, there can indeed be a security risk with totaled cars that are restored.

He explained in an e-mail to CNBC, “The credentials to internet services are clearly left in the vehicle electronics and then can be used by whoever gets hold of the electronics.” He added, “In general it’s possible to get data out of working electronics — it’s merely a question of how much effort that takes.”

This is far from a Tesla-specific issue, he said. Cars, like laptops, smartphones, and even refrigerators and TVs, are now internet-connected devices that can store personal data.

“I think it needs to be more widely understood by dealers and owners that there is this issue of private data within the vehicle,” Tindell said.

Overseas demand for totaled Teslas

How did the vehicle end up in Ukraine?

CNBC found that after the car was totaled, online auction site Copart listed it for sale, according to website listings. The company, which currently has more than 1,600 Tesla vehicles listed for sale, is connected to salvage yards across the U.S., including one in New Jersey where the car ended up.

Copart specializes in damaged or totaled vehicles that have what’s called a “salvage title,” issued when an insurance company declares it a total loss, warning future buyers that there was a significant problem. Copart sells more than 2 million vehicles a year, with operations in 11 countries, according to the company’s website.

Such vehicles cannot legally drive on U.S. roadways, but some countries aren’t as stringent.

“Cars go to the repair shop or junk yard then find their way to a second market and then are suddenly being shipped overseas,” said Mike Dunne, a former General Motors international executive who now serves as CEO of auto consulting firm ZoZoGo.

The practice has been going on for decades and accelerated with the rise of digital auctions, according to Steven Lang, an auctioneer and founder of used car marketplace 48 Hours And A Used Car.

“Starting in the Y2K era, the digital auction site took over. So now you can have someone in Ukraine bidding on it. And then someone else from Norway bidding on it … and you haven’t even touched an American border or an American bidder,” said Lang, who has been in the vehicle auction business for more than 24 years.

“Virtually all of the vehicles that are totaled will end up at a salvage auction,” he said.

One online auction website that specializes in such sales estimated the winning bid for the vehicle would be between $27,400 and $29,400. A final sale price was not immediately known. Neither the salvage yard nor Copart immediately responded for comment about the vehicle and who bought it.

What owners can do after the fact

Tesla support staff told Yarow he should disconnect his car from his account, offering the following instructions via email:

1. Open the Tesla app Tap profile icon in top-right corner

2. Tap ‘Add/Remove Products’ > ‘Remove’ > ‘Vehicle’

3. Select the VIN, then tap ‘Get Started’

4. Enter the vehicle and sale details, then tap ‘Next’

5. Enter the new owner information, then tap ‘Next’

6. Enter security code from e-mail, then tap ‘Confirm’

7.Submit the request by clicking on ‘Remove Vehicle’

Reminder: If it asks if you sold the vehicle say yes.”

Tesla didn’t tell him how he was supposed to obtain the new owner information as he hadn’t sold the car.

According to Canis Labs CTO Ken Tindell, disconnecting one’s account from a totaled vehicle can help stop others from using apps that had been connected, such as Spotify in Yarow’s case. However, data could still be extracted from the totaled vehicle’s electronics.

“What would the trip history and phone book of a celebrity be worth to a blackmailer or a kidnapper?” Tintell asked.

He and other security experts compared the situation having an Apple laptop stolen. In some cases, Apple can wipe the laptop or device clean remotely when it comes online. But “a malign repair shop can take out the hard drive and copy all the data off it before scrapping a broken laptop.”

This is why Apple routinely encrypts its hard drives, the CTO noted. “It’s the only way to prevent the data being stolen by someone with physical access to an offline device.”

An automotive cybersecurity veteran and the founder of RightHook, Warren Ahner, said that ideally a company like Tesla would “Have a portal where a user can sign in with online credentials and say ‘remove all my info, then disconnect my vehicle from the account,’ and would be able issue a remote-wipe command to the car when it comes online, deleting it all including GPS, saved locations and the rest.”

However, he said, owners can be their own “personal risk police,” and avoid giving their vehicles or rental cars that they use lots of personal info.

“Always purge your data after you are done with the vehicle and try not to share more info with the car than you absolutely need to share,” Ahner recommended. “If I pair my phone with the car I’m renting or owning I don’t allow it to synch location and contacts. I only give it Bluetooth access to talk over the top of my music and so I can us whatever music streaming app I like.”

An automotive white hat hacker who uses the handle Green the Only has been sounding the alarm about data on cars for years. “All the phone directory and calendar stuff might be valuable,” he said.

Once a car or car computer has changed possession is back online, he says that the previous owners “can’t do much.” One problem is that an old owner can “accrue charges for Supercharging,” and other items Tesla — or other vehicle makers — may sell on a subscription or pay-per-charge basis. They can always submit a request to Tesla to remove the car from their account, but that’s it.

Green the Only agreed with Tindell and Ahner — Tesla “probably can add a ‘remote wipe and then remove from my account’ in addition to the ‘remove from my account’ option they have now. They probably should have added that long ago.”

Technology

SpaceX aims for $800 billion valuation in secondary share sale, WSJ reports

Published

7 hours ago

December 6, 2025

admin

SpaceX aims for 0 billion valuation in secondary share sale, WSJ reports

Dado Ruvic | Reuters

Elon Musk’s SpaceX, is initiating a secondary share sale that would give the company a valuation of up to $800 billion, The Wall Street Journal reported Friday.

SpaceX is also telling some investors it will consider going public possibly around the end of next year, the report said.

At the elevated price, Musk’s aerospace and defense contractor would be valued above ChatGPT maker OpenAI, which wrapped up a share sale at a $500 billion valuation in October.

SpaceX has been investing heavily in reusable rockets, launch facilities and satellites, while competing for government contracts with newer space players, including Jeff Bezos‘ Blue Origin. SpaceX is far ahead, and operates the world’s largest network of satellites in low earth orbit through Starlink, which powers satellite internet services under the same brand name.

A SpaceX IPO would include its Starlink business, which the company previously considered spinning out.

Musk recently discussed whether SpaceX would go public during Tesla‘s annual shareholders meeting last month. Musk, who is the CEO of both companies, said he doesn’t love running publicly traded businesses, in part because they draw “spurious lawsuits,” and can “make it very difficult to operate effectively.”

However, Musk said during the meeting that he wanted to “try to figure out some way for Tesla shareholders to participate in SpaceX,” adding, “maybe at some point, SpaceX should become a public company despite all the downsides.”

WATCH: What retail investors should know about OpenAI and SpaceX

Technology

Judge finalizes remedies in Google antitrust case

Published

9 hours ago

December 5, 2025

admin

Judge finalizes remedies in Google antitrust case

The logo for Google LLC is seen at the Google Store Chelsea in Manhattan, New York City, U.S., November 17, 2021.

Andrew Kelly | Reuters

A U.S. judge on Friday finalized his decision for the consequences Google will face for its search monopoly ruling, adding new details to the decided remedies.

Last year, Google was found to hold an illegal monopoly in its core market of internet search, and in September, U.S. District Judge Amit Mehta ruled against the most severe consequences that were proposed by the Department of Justice.

That included the proposal of a forced sale of Google’s Chrome browser, which provides data that helps the company’s advertising business deliver targeted ads. Alphabet shares popped 8% in extended trading as investors celebrated what they viewed as minimal consequences from a historic defeat last year in the landmark antitrust case.

Investors largely shrugged off the ruling as non-impactful to Google. However some told CNBC it’s still a bite that could “sting.”

Mehta on Friday issued additional details for his ruling in new filings.

“The age-old saying ‘the devil is in the details’ may not have been devised with the drafting of an antitrust remedies judgment in mind, but it sure does fit,” Mehta wrote in one of the Friday filings.

Google did not immediately respond to a request for comment. The company has previously said it will appeal the remedies.

In August 2024, Mehta ruled that Google violated Section 2 of the Sherman Act and held a monopoly in search and related advertising. The antitrust trial started in September 2023.

In his September decision, Mehta said the company would be able to make payments to preload products, but it could not have exclusive contracts that condition payments or licensing. Google was also ordered to loosen its hold on search data. Mehta in September also ruled that Google would have to make available certain search index data and user interaction data, though “not ads data.”

The DOJ had asked Google to stop the practice of “compelled syndication,” which refers to the practice of making certain deals with companies to ensure its search engine remains the default choice in browsers and smartphones.

The judge’s September ruling didn’t end the practice entirely — Mehta ruled out that Google couldn’t enter into exclusive deals, which was a win for the company. Google pays Apple billions of dollars per year to be the default search engine on iPhones. It’s lucrative for Apple and a valuable way for Google to get more search volume and users.

Mehta’s new details

In the Friday filings, Mehta wrote that Google cannot enter into any deal like the one it’s had with Apple “unless the agreement terminates no more than one year after the date it is entered.”

This includes deals involving generative artificial intelligence products, including any “application, software, service, feature, tool, functionality, or product” that involve or use genAI or large-language models, Mehta wrote.

GenAI “plays a significant role in these remedies,” Mehta wrote.

The judge also reiterated the web index data it will require Google to share with certain competitors.

Google has to share some of the raw search interaction data it uses to train its ranking and AI systems, but it does not have to share the actual algorithms — just the data that feeds them.” In September, Mehta said those data sets represent a “small fraction” of Google’s overall traffic, but argued the company’s models are trained on data that contributed to Google’s edge over competitors.

The company must make this data available to qualified competitors at least twice, one of the Friday filing states. Google must share that data in a “syndication license” model whose term will be five years from the date the license is signed, the filing states.

Mehta on Friday also included requirements on the makeup of a technical committee that will determine the firms Google must share its data with.

Committee “members shall be experts in some combination of software engineering, information retrieval, artificial intelligence, economics, behavioral science, and data privacy and data security,” the filing states.

The judge went on to say that no committee member can have a conflict of interest, such as having worked for Google or any of its competitors in the six months prior to or one year after serving in the role.

Google is also required to appoint an internal compliance officer that will be responsible “for administering Google’s antitrust compliance program and helping to ensure compliance with this Final Judgment,” per one of the filings. The company must also appoint a senior business executive “whom Google shall make available to update the Court on Google’s compliance at regular status conferences or as otherwise ordered.”

This is breaking news. Check back for updates.