Tesla cloud servers hijacked for illicit cryptomining
RedLock has recently discovered that Elon Musk’s electric car company Tesla was the victim of a cryptomining hijack. Usually, cryptojackers take over PCs or mobile devices through disguised pieces of software like apps or websites, and use the available resources to mine specific cryptocurrencies. However, in order to keep authorities on their toes, cryptojackers try to come up with new ways to seize control of mining resources.
Online security company RedLock published a report on how cryptojackers took control of Tesla’s cloud infrastructure and proceeded to hide their traces. The report notes that “the hackers had infiltrated Tesla’s Kubernetes console which was not password protected,” and “within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.” However, the hackers were not interested in exposing telemetry data; they just needed the processing power offered by the cloud servers. Furthermore, the cryptojackers made sure that the illicit endeavor would not attract attention, fine-tuning CPU usage so that it appeared to be within normal parameters.
Upon the discovery of the clever scheme, RedLock immediately reported its findings to Tesla, which promptly fixed the issue. In an Engadget interview, Tesla revealed that “we maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”