Tesla Internal Servers Infected with Cryptocurrency Miner

Mae Love
February 21, 2018

Hackers gained access to the electric auto company's Amazon cloud account, where they were able to view "sensitive data" such as vehicle telemetry.

According to security research firm RedLock's Cloud Security Intelligence (CSI) team, electric vehicle manufacturer Tesla's cloud account was hacked and used to mine cryptocurrency. A Tesla spokesperson said that no customer data was impacted by the breach.

Hackers recently stole computing power from electric carmaker Tesla in an effort to mine cryptocurrency.

It's only the latest example of several detected by cloud security outfit RedLock, which has tracked a series of Kubernetes admin consoles wide open to anyone looking.

Vehicle data from Tesla could have been exposed to the hackers through the Amazon "simple storage service" (S3) bucket, the researchers found.

Because they used a custom mining pool, it is unclear how much money this hacker group made.

But that deterrent no longer exists, which could encourage more people to flee the Obamacare markets for short-term coverage. Under current rules, such "short-term, limited-duration insurance" can not last for more than three months.

Home Depot Reports Better-than-expected Earning Results
Ed Beddow decreased its stake in Liberty Global A Plc (LBTYA) by 58.23% based on its latest 2017Q3 regulatory filing with the SEC. The profit margin can answer significantly to find consistent trends in a firm's earnings, The Home Depot , Inc.

Students Protest Outside White House, Demand Gun Reform After Florida School Shooting
White House officials say the president supports a narrow, bipartisan bill to improve the federal background check system. Nikolas Cruz, 19, had been investigated by the authorities for posting disturbing content online, according to reports.

A Tesla spokesperson confirmed that no customer data was compromised by the breach: "We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it", the spokesperson said.

"The RedLock CSI team immediately reported the incident to Tesla and the issue was quickly rectified", RedLock said in a blog post today.

Tesla's Kubernetes page was not password protected, making it vulnerable to attack. In addition, the mining software was configured to use a non-standard port to access the internet and to connect to an unlisted or semi-public endpoint instead of well-known mining pools. They also hid the true IP address of the mining pool server behind CloudFlare's content delivery network service and configured the mining software to listen on a nonstandard port, making it more hard to detect.

Sam Bisbee, chief security officer at security firm Threat Stack, told IBT, "In order to address the challenges of cloud security and improve the situation, organizations must realize that cloud data security starts with knowing whether the services you use are risk-appropriate for the data stored there". "In particular, organisations' public cloud environments are ideal targets due to the lack of effective cloud threat defence programs".

Since then, a number of other cryptojacking incidents have been uncovered and there are notable differences in the attacks.

The firm's finding show that 73 per cent of organisations "allow the root user account to be used to perform activities - behaviour that goes against security best practices", while 16 per cent "have user accounts that have potentially been compromised".

Other reports by

Discuss This Article