Tesla Cloud Servers Hacked By Cryptojackers

Tesla Roadster 2. (Image credit: Tesla Motors)

Cryptojacking--cryptocurrency mining via malware, hacking, or other malicious means--has been on the rise as a potentially lucrative “business” for cyber criminals. Tesla is the latest to fall victim to such an attack. Researchers from RedLock, a cloud security company, uncovered a cryptojacking attack against some of Tesla’s cloud systems.

Tesla Systems Not Password Protected

The attackers were able to hack Tesla’s Kubernetes console, which it uses to manage its application containers, in part because there was no password protection enabled for the system. This lapse in Tesla’s security exposed access credentials for the company’s Amazon Web Services (AWS) environment. From there, the attackers gained access to an Amazon S3 bucket that contained sensitive data, such as car telemetry.

Tesla seems to be in good company, because Aviva, a British multinational insurance company, and Gemalto, the world’s largest SIM and smart card chip maker, were also recently infiltrated by cryptojackers because they left their Kubernetes consoles unprotected by passwords. Gemalto, on whose security most of our phones depend, was also hacked by the GCHQ and NSA back in 2010. The company promised to improve its security at the time.

Tesla Systems Cryptojacked

The hackers weren’t content just to steal the sensitive data they found, so they also installed some cryptocurrency mining clients. According to the RedLock team, the attackers employed some sophisticated evasion techniques. One of these techniques was to use an unlisted and semi-public cryptomining pool, which would be able to evade common threat intelligence software.

The attackers also hid the IP address of the mining pool behind free content delivery network (CDN) services that allow them to use different IPs for each account. The mining software was configured to listen on a non-standard port to evade security tools monitoring the standard ports. However, this likely also means that Tesla wasn’t blocking every port except the ones it was using and then scanning the ones that remained open.

Lastly, the attackers didn’t try to abuse the available CPU resources of Tesla’s systems, because that would have raised suspicions. The mining clients used relatively low resources to remain hidden.
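
The port allowlist check implied by the non-standard-port evasion described above, as an added example that is not from the article or from RedLock: it parses listening sockets in the format of `ss -H -tlnp` and flags any network-reachable listener outside an expected set, a signal that does not depend on CPU usage or on a pool being known to threat intelligence. The sample output, the `worker` process, port 34567 and the allowlist are constructed assumptions.

```python
import re

# Constructed sample in the format of `ss -H -tlnp` (Linux); not data from the incident.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1044,fd=6))
LISTEN 0 4096 [::]:443 [::]:* users:(("nginx",pid=1044,fd=7))
LISTEN 0 4096 127.0.0.1:10248 0.0.0.0:* users:(("kubelet",pid=990,fd=21))
LISTEN 0 128 0.0.0.0:34567 0.0.0.0:* users:(("worker",pid=2231,fd=5))
"""

# Assumed policy: ports this host is expected to serve on non-loopback addresses.
ALLOWED_PORTS = {22, 443}

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def parse_listeners(ss_output):
    """Yield (address, port, process, pid) for each LISTEN line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # The process column is only present when ss runs with enough privilege.
        m = PROC_RE.search(fields[5]) if len(fields) > 5 else None
        name, pid = (m.group(1), int(m.group(2))) if m else ("?", None)
        yield addr.strip("[]"), int(port), name, pid


def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"


def unexpected_listeners(ss_output, allowed_ports):
    """Return listeners reachable from the network on ports outside the allowlist."""
    findings = []
    for addr, port, name, pid in parse_listeners(ss_output):
        if is_loopback(addr) or port in allowed_ports:
            continue
        findings.append({"addr": addr, "port": port, "process": name, "pid": pid})
    return findings


if __name__ == "__main__":
    for f in unexpected_listeners(SAMPLE_SS_OUTPUT, ALLOWED_PORTS):
        print(f"unexpected listener {f['addr']}:{f['port']} ({f['process']}, pid {f['pid']})")
```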

Tesla Statement

RedLock said that it reported the incident to Tesla immediately, and the company was able to rectify the problem quickly.

In a statement to Tom’s Hardware, Tesla said:

We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.

Tesla is one of a small number of carmakers that even have a bug bounty program, and it tends to take security more seriously than other automotive companies in general. However, the more popular its cars with self-driving, over-the-air upgrade, and remote control capabilities become, the more appealing they will be to malicious attackers.

We’ve also seen from previous reports and interviews with industry experts that carmakers, in general, are still not taking the security of their connected cars and upcoming self-driving cars seriously enough. Once these cars are in sufficient numbers on the market and can be accessed remotely through the company’s servers, we may see an increasing number of attacks on the car companies’ cloud systems.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • x3style
    Title is misleading by omission. Tesla got hacked and patched it quickly, other similar services from other manufacturers are less secure. Tesla takes security more seriously than others.

    Not to be accused of fanboyism but title portrays the company as bad for being hacked, then article actually explains hack was on isolated test systems and that the company is actually leading the market in security.
  • apesoccer
    If the author potentially gets paid based on hits/popularity, then you throw out there whatever brings people in. Don't blame the player, blame the game. ...or something like that...
  • alextheblue
    20725644 said:
    Title is misleading by omission. Tesla got hacked and patched it quickly, other similar services from other manufacturers are less secure. Tesla takes security more seriously than others.

    Not to be accused of fanboyism but title portrays the company as bad for being hacked, then article actually explains hack was on isolated test systems and that the company is actually leading the market in security.
    I guess you'd have to take security more seriously when you've got unnecessary attack vectors... like a web browser. However it seems the web browser is so terrible it doesn't get much serious use. You'd be better off taping an iPad to the dashboard. Honestly I don't know why anyone puts Musk on such a pedestal. He built much of his empire on the backs of taxpayers. Go look up how much federal and state funds Tesla has soaked up over the years (directly and indirectly).
  • Christopher1
    20725644 said:
    Title is misleading by omission. Tesla got hacked and patched it quickly, other similar services from other manufacturers are less secure. Tesla takes security more seriously than others.

    Not to be accused of fanboyism but title portrays the company as bad for being hacked, then article actually explains hack was on isolated test systems and that the company is actually leading the market in security.

    With all due respect if they 'took security seriously' their systems would have been password-protected from the start!
    This leans towards "They do not take basic security very seriously so start investigations into what other holes they might have left open!"
  • Ninjawithagun
    20726005 said:
    If the author potentially gets paid based on hits/popularity, then you throw out there whatever brings people in. Don't blame the player, blame the game. ...or something like that...

    Incorrect. You apparently have no clue how cybersecurity works or its intended goals. Cybersecurity is EVERYONE'S responsibility. The fact that such a high tech, high profile company like Tesla failed to use even the most basic measures (passwords) is a huge failure. It shows a high level of incompetence on Tesla. What other compromised systems exist within the Tesla corporation? Russia has probably already stolen all of the super secret plans for building their own Falcon Heavy rocket launch system. No surprise really. People are so busy drooling over Musk that they forget he is anything but perfect. This just proves that point even more so.
  • apesoccer
    20728145 said:
    20726005 said:
    If the author potentially gets paid based on hits/popularity, then you throw out there whatever brings people in. Don't blame the player, blame the game. ...or something like that...

    Incorrect. You apparently have no clue how cybersecurity works or its intended goals. Cybersecurity is EVERYONE'S responsibility. The fact that such a high tech, high profile company like Tesla failed to use even the most basic measures (passwords) is a huge failure. It shows a high level of incompetence on Tesla. What other compromised systems exist within the Tesla corporation? Russia has probably already stolen all of the super secret plans for building their own Falcon Heavy rocket launch system. No surprise really. People are so busy drooling over Musk that they forget he is anything but perfect. This just proves that point even more so.

    I think you either didn't read my message, which wasn't anything to do with the hack, it was a comment on the name of the article, or you just quoted the wrong response maybe. In so far as cybersecurity is concerned... I have some* idea of how it works, what is involved in keeping a company, relatively, safe/secure with best practices, and how to impose, again relative, safe practices for my IT crew and users. I won't try to claim I have an excellent, or really, even a very good handle on imposing all portions of security... But I have some idea of the concerns cybersecurity professionals generally have.

    In so far as Tesla and their security measures, I'd imagine, like most things, there is a scale and prioritization of different IT projects with a limited set of man hours to spend on a given project where you sometimes turn on a system, set the basic functions, set yourself a list of things to take care of, and again based on that prioritization, take care of it accordingly. So what I suggest is that perhaps, that test system, just wasn't done yet...as test systems are often in a state of...change; and often a weak point in security because of that potential low-prioritization and lack of important data pertaining in it. Or...maybe they just got lazy. /Shrug.
  • Ninjawithagun
    Tesla is a premier corporation and as such Cybersecurity should be their number one concern. The fact that any of this happened and the specifics of how it happened are horrifying. As a consumer, I would not buy stock in this company - and it is really too late to do so anyways. What is not in the article is the fact that corporate secrets were stolen. The only question we have to ask is what was the extent of the theft...
  • apesoccer
    If you think you shouldn't buy stock in a company because they have been "hacked"...heh, well, I guess you won't be buying any stock. Also...what percentage of companies that have been hacked do you think actually know about it? I'd guess less than 10% and I'd lean towards less than 1% that you hear about. You don't get to be considered a decent tight rope walker by falling.

    As many people have said before in one way or another, it's not a matter of whether something can be hacked, as how long it takes.

    Number one concern shouldn't be security for a company intending to make money (well...outside of security companies anyway)...Number one should remain as how do I increase my worth or expand etc... If you are spending too much money or time* on security (or too little), you aren't going to make any money (or if too little, you'll end up paying for it...)... So as I said, it'll still be prioritized and test setups are (or maybe should) still going to be lower priority than more important systems or data. And again, doesn't excuse a door left open, but might explain some of it.
  • Ninjawithagun
    20786164 said:
    If you think you shouldn't buy stock in a company because they have been "hacked"...heh, well, I guess you won't be buying any stock. Also...what percentage of companies that have been hacked do you think actually know about it? I'd guess less than 10% and I'd lean towards less than 1% that you hear about. You don't get to be considered a decent tight rope walker by falling.

    As many people have said before in one way or another, it's not a matter of whether something can be hacked, as how long it takes.

    Number one concern shouldn't be security for a company intending to make money (well...outside of security companies anyway)...Number one should remain as how do I increase my worth or expand etc... If you are spending too much money or time* on security (or too little), you aren't going to make any money (or if too little, you'll end up paying for it...)... So as I said, it'll still be prioritized and test setups are (or maybe should) still going to be lower priority than more important systems or data. And again, doesn't excuse a door left open, but might explain some of it.

    Consideration of whether or not to buy stock in a company based upon them practicing bad cybersecurity is one of many factors to consider prior to investing. Regardless, the point is that they are guilty of very bad business practices and the consumer should be aware of this fact. You are only substantiating common sense and not stating anything of specific new relevance.