Tesla Cloud Servers Hacked By Cryptojackers

Tesla Roadster 2. Credit: Tesla Motors

Cryptojacking, the mining of cryptocurrency on someone else's systems via malware, hacking, or other malicious means, has been on the rise as a potentially lucrative “business” for cyber criminals. Tesla is the latest to fall victim to such an attack. Researchers from RedLock, a cloud security company, uncovered a cryptojacking attack against some of Tesla’s cloud systems.

Tesla Systems Not Password Protected

The attackers were able to hack Tesla’s Kubernetes console, which it uses to manage its application containers, in part because there was no password protection enabled for the system. This lapse in Tesla’s security exposed access credentials for the company’s Amazon Web Services (AWS) environment. From there, the attackers gained access to an Amazon S3 bucket that contained sensitive data, such as car telemetry.

Tesla seems to be in good company, because Aviva, a British multinational insurance company, and Gemalto, the world’s largest SIM and smart card chip maker, were also recently infiltrated by cryptojackers because they left their Kubernetes consoles unprotected by passwords. Gemalto, on whose security most of our phones depend, was also hacked by the GCHQ and NSA back in 2010. The company promised to improve its security at the time.

Tesla Systems Cryptojacked

The hackers weren’t content just to steal the sensitive data they found, so they also installed some cryptocurrency mining clients. According to the RedLock team, the attackers employed some sophisticated evasion techniques. One of these was to use an unlisted, semi-public cryptomining pool, which common threat intelligence feeds would not flag.

The attackers also hid the IP address of the mining pool behind free content delivery network (CDN) services, which let them use different IPs for each account. The mining software was configured to listen on a non-standard port to evade security tools monitoring the standard ports. However, this also suggests that Tesla wasn’t blocking every port other than the ones it actually needed, and then scanning whatever remained open.

Lastly, the attackers didn’t try to consume all of the available CPU resources on Tesla’s systems, because that would have raised suspicions. The mining clients used relatively little CPU in order to remain hidden.
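Seen from the defender's side, the traits described above (a pool on a non-standard port, a quiet but persistent connection, possibly fronted by a CDN on an ordinary port) are exactly what an egress review can key on. The following is an added example, not RedLock's or Tesla's tooling; it assumes default-format AWS VPC flow logs, a VPC CIDR of 10.0.0.0/16 and a port allow-list, and runs over constructed records:

```python
"""Flag long-lived, low-volume egress to unexpected ports in AWS VPC flow logs. Added
example; assumes the default VPC flow log field order, a VPC CIDR of 10.0.0.0/16 and
an egress port allow-list. All log records below are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
VPC_CIDR = ip_network("10.0.0.0/16")   # assumed cluster network
ALLOWED_DST_PORTS = {443, 53}          # assumed egress allow-list

# Fields: version account eni src dst sport dport proto packets bytes start end action status
SAMPLE_FLOW_LOGS = [
    # Normal HTTPS bursts from a pod: short-lived, high volume (not flagged).
    "2 123456789012 eni-0a1b2c3d 10.0.1.23 203.0.113.10 51234 443 6 120 150000 1519300000 1519300060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.23 203.0.113.10 51240 443 6 70 80000 1519300100 1519300160 ACCEPT OK",
    # Internal DNS: stays inside the VPC, so it is not egress (ignored).
    "2 123456789012 eni-0a1b2c3d 10.0.1.23 10.0.0.2 40001 53 17 2 180 1519300000 1519300005 ACCEPT OK",
] + [  # Miner-like session on a non-standard port: an hour of keepalive-sized windows.
    f"2 123456789012 eni-0a1b2c3d 10.0.1.23 198.51.100.7 53300 8899 6 12 900 {1519300000 + i * 600} {1519300600 + i * 600} ACCEPT OK"
    for i in range(6)
] + [  # Same pattern on 443 (pool fronted by a CDN): a port allow-list alone misses it.
    f"2 123456789012 eni-0a1b2c3d 10.0.1.40 203.0.113.77 53400 443 6 10 700 {1519300000 + i * 600} {1519300600 + i * 600} ACCEPT OK"
    for i in range(8)
]

def parse_flow(line):
    """Pull the fields we need from one default-format VPC flow log record."""
    f = line.split()
    return {"src": f[3], "dst": f[4], "dport": int(f[6]), "bytes": int(f[9]),
            "start": int(f[10]), "end": int(f[11]), "action": f[12]}

def find_suspicious_egress(lines, min_duration=3600, max_bytes_per_min=2000):
    """Aggregate accepted VPC-to-internet flows per (src, dst, dport); flag ports outside
    the allow-list and sessions that look like a steady, low-volume miner connection."""
    flows = defaultdict(lambda: {"bytes": 0, "start": float("inf"), "end": 0})
    for r in map(parse_flow, lines):
        outbound = ip_address(r["src"]) in VPC_CIDR and ip_address(r["dst"]) not in VPC_CIDR
        if r["action"] != "ACCEPT" or not outbound:
            continue
        f = flows[(r["src"], r["dst"], r["dport"])]
        f["bytes"] += r["bytes"]
        f["start"], f["end"] = min(f["start"], r["start"]), max(f["end"], r["end"])
    findings = []
    for (src, dst, dport), f in flows.items():
        duration = f["end"] - f["start"]   # seconds spanned by all windows of this flow
        reasons = []
        if dport not in ALLOWED_DST_PORTS:
            reasons.append("port not in egress allow-list")
        if duration >= min_duration and f["bytes"] / max(duration / 60, 1) <= max_bytes_per_min:
            reasons.append("long-lived low-volume session")
        if reasons:
            findings.append({"src": src, "dst": dst, "dport": dport,
                             "duration_s": duration, "bytes": f["bytes"], "reasons": reasons})
    return findings
```

The second flagged flow shows why the allow-list is only half the answer: a pool reached through a CDN on port 443 passes the port check and is caught only by its duration and volume profile.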

Tesla Statement

RedLock said that it reported the incident to Tesla immediately, and the company was able to rectify the problem quickly.

In a statement to Tom’s Hardware, Tesla said:

We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.

Tesla is one of a small number of carmakers that even have a bug bounty program, and it tends to take security more seriously than other automotive companies in general. However, the more popular its cars with self-driving, over-the-air upgrade, and remote control capabilities become, the more appealing they will be to malicious attackers.

We’ve also seen from previous reports and interviews with industry experts that carmakers, in general, are still not taking the security of their connected cars and upcoming self-driving cars too seriously. Once these cars are in sufficient numbers on the market and can be accessed remotely through the company’s servers, we may see an increasing number of attackers on the car companies’ cloud systems.

11 comments
  • x3style
    Title is misleading by omission. Tesla got hacked and patched it quickly, other similar services from other manufacturers are less secure. Tesla takes security more seriously than others.

    Not to be accused of fanboyism, but the title portrays the company as bad for being hacked, then the article actually explains the hack was on isolated test systems and that the company is actually leading the market in security.
  • apesoccer
    If the author potentially gets paid based on hits/popularity, then you throw out there whatever brings people in. Don't blame the player, blame the game. ...or something like that...
  • alextheblue
    Anonymous said:
    Title is misleading by omission. Tesla got hacked and patched it quickly, other similar services from other manufacturers are less secure. Tesla takes security more seriously than others.

    Not to be accused of fanboyism, but the title portrays the company as bad for being hacked, then the article actually explains the hack was on isolated test systems and that the company is actually leading the market in security.

    I guess you'd have to take security more seriously when you've got unnecessary attack vectors... like a web browser. However it seems the web browser is so terrible it doesn't get much serious use. You'd be better off taping an iPad to the dashboard. Honestly I don't know why anyone puts Musk on such a pedestal. He built much of his empire on the backs of taxpayers. Go look up how much federal and state funds Tesla has soaked up over the years (directly and indirectly).