Notebookcheck

Tesla cloud servers hijacked for illicit cryptomining

Hijackers were not interested in customer data or car security, they just needed the processing power of the cloud servers. (Source: HybridCars)
Hijackers were not interested in customer data or car security, they just needed the processing power of the cloud servers. (Source: HybridCars)
Instead of using malicious apps or website exploits, hackers just hijacked Tesla's cloud servers and made sure their illicit cryptomining endeavors would not seem suspicious.

Redlock has recently discovered that Elon Musk’s electric car company Tesla was involved in a cryptomining hijack. Usually, crypto hijackers take over PC systems or mobile devices through disguised pieces of software like apps or websites, and make use of the available resources to mine specific cryptocurrencies. However, in order to keep authorities on their toes, cryptojackers try to come up with new ways to seize control over mining resources.

Online security company RedLock made a report on how cryptojackers took control of Tesla’s cloud infrastructure and proceeded to hide their traces. The report notes that “the hackers had infiltrated Tesla’s Kubernetes console which was not password protected,” and “within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.” However, the hackers were not interested in exposing telemetry data, they just needed the processing power offered by the cloud servers. Furthermore, the cryptojackers made sure that the illicit endeavor will not attract attention, managing to fine tune the CPU usage in order to appear as if usage is within normal parameters.

Upon the discovery of the clever scheme, RedLock immediately reported its findings to Tesla, which promptly fixed the issue.  In an Engadget interview, Tesla revealed that “we maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! Especially English native speakers welcome!

Currently wanted: 
News and Editorial Editor - Details here

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 02 > Tesla cloud servers hijacked for illicit cryptomining
Bogdan Solca, 2018-02-21 (Update: 2018-02-21)
Bogdan Solca
Bogdan Solca - News Editor
I stepped into the wonderous IT&C world when I was around 7. I was instantly fascinated by computerized graphics, be them from games or 3D applications like 3D Max. I like to keep myself up to date with all the new technologies that get released at an ever increasing rate these days. I'm also an avid SciFi reader, an astrophysics aficionado and, as of late, a crypto geek.