Notebookcheck

Tesla cloud servers hijacked for illicit cryptomining

Hijackers were not interested in customer data or car security; they just needed the processing power of the cloud servers. (Source: HybridCars)
Instead of using malicious apps or website exploits, hackers just hijacked Tesla's cloud servers and made sure their illicit cryptomining endeavors would not seem suspicious.
Bogdan Solca

RedLock has recently discovered that Elon Musk’s electric car company Tesla had its cloud servers hijacked for cryptomining. Usually, crypto hijackers take over PC systems or mobile devices through disguised pieces of software like apps or websites, and use the available resources to mine specific cryptocurrencies. However, to keep authorities on their toes, cryptojackers try to come up with new ways to seize control of mining resources.

Online security company RedLock published a report on how cryptojackers took control of Tesla’s cloud infrastructure and proceeded to hide their traces. The report notes that “the hackers had infiltrated Tesla’s Kubernetes console which was not password protected,” and “within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.” However, the hackers were not interested in exposing telemetry data; they just needed the processing power offered by the cloud servers. Furthermore, the cryptojackers made sure that the illicit endeavor would not attract attention, fine-tuning the CPU usage so that it appeared to be within normal parameters.

Upon discovering the scheme, RedLock immediately reported its findings to Tesla, which promptly fixed the issue. In an Engadget interview, Tesla revealed that “we maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”

Bogdan Solca - Senior Tech Writer - 1588 articles published on Notebookcheck since 2017
Bogdan Solca, 2018-02-21 (Update: 2018-02-21)