Forensic Analysis of BYD Telematics Unit Reveals Crash Data and Privacy Risks
What Happened — Researchers from Quarkslab physically dismantled a BYD Seal telematics control unit (TCU), dumped its NAND flash memory, and correlated the recovered logs with publicly available OSINT (a Facebook post about a crash). The exercise demonstrated that vehicle telematics can retain detailed incident data that is recoverable even after the device is removed from the car.
Why It Matters for TPRM —
- Embedded automotive ECUs may store personally‑identifiable or safety‑critical data that third‑party service providers could inadvertently expose.
- Lack of secure data sanitization in TCUs creates a supply‑chain privacy risk for OEMs, fleet operators, and insurers.
- The ability to acquire firmware from second‑hand sources highlights the need for robust OTA update and secure erase policies.
Who Is Affected — Automotive manufacturers (especially Chinese OEMs such as BYD), Tier‑1 suppliers, fleet managers, insurance firms, and any organization that relies on telematics data for safety or analytics.
Recommended Actions —
- Verify that your automotive suppliers implement secure deletion of logs before de‑commissioning or resale.
- Require OTA update capabilities that include cryptographically verified firmware and remote wipe functions.
- Incorporate telematics data‑handling controls into your third‑party risk assessments and contractual clauses.
Technical Notes — The TCU contains an S32K144U MCU, a Qualcomm MDM9628 LTE modem, and a Micron MCP NAND+LPDRAM package that holds a Linux‑based filesystem. Researchers performed a chip‑off attack on the MCP, extracted the raw flash image, and identified crash‑event logs, GPS traces, and eCall metadata. No CVE was exploited; the exposure stems from insecure data retention and lack of secure erase.
Source: Quarkslab Blog