Tesla’s cloud was hacked for crypto mining
Private company data was exposed in the hack, and crypto mining CPU usage was kept low to avoid detection.
New research has revealed that American electric car manufacturer Tesla fell victim to “cryptojacking”.
In a blog post this week, the RedLock Cloud Security Intelligence (CSI) team revealed that it had found hundreds of Kubernetes administration consoles that were accessible over the internet without any password protection.
One of these compromised consoles for Kubernetes – an open-source system for automating deployment, scaling and management of containerized applications – was on Tesla’s cloud account, exposing private company data.
“Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry,” RedLock said.
Besides the data breach, RedLock’s CSI team said that hackers were illegally mining cryptocurrency.
The team noted that, unlike other crypto mining incidents, the hackers did not use a well-known public “mining pool” in this attack, making it difficult for standard threat intelligence feeds to detect the malicious activity.
“The hackers also hid the true IP address of the mining pool server behind CloudFlare, a free content delivery network service. The hackers use a new IP address on-demand by registering for free services,” RedLock said.
“This makes IP address based detection of crypto mining activity even more challenging.”
CPU usage during the “cryptojacking” incident was also kept low to help avoid detection.
The RedLock CSI team immediately reported the incident to Tesla and the issue was quickly rectified.
In an email to Gizmodo, a spokesperson for Tesla confirmed the hack but said its impact was “limited” in scale.
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” the Tesla spokesperson said. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
The breach involving Tesla is the latest instance of illicit cloud account access. Other instances involve Aviva, a British multinational insurance company, and Gemalto, the world’s largest manufacturer of SIM cards.
Researchers are also reporting that cryptocurrency malware is rendering some companies unable to operate.