Hackers infiltrated Tesla’s cloud environment and stole computer resources to mine for cryptocurrency, according to the security firm RedLock.
According to a report released today detailing cloud security threats, RedLock’s Cloud Security Intelligence team – yes, its CSI team – notified Tesla of the intrusion and the vulnerability was addressed. The electric vehicle company was reportedly running one of hundreds of open-source systems the CSI team found accessible online without password protection. The exposure allowed hackers to access Tesla’s Amazon cloud environment, RedLock said.
In an email to Gizmodo, a Tesla spokesperson said there is “no indication” the breach impacted customer privacy or compromised the security of its vehicles.
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” a Tesla spokesperson told Gizmodo in an email. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
According to RedLock, mining cryptocurrency is likely a more valuable use of Tesla’s servers than the data it stores.
“The recent rise of cryptocurrencies is making it far more lucrative for cybercriminals to steal organisations’ compute power rather than their data,” RedLock CTO Gaurav Kumar told Gizmodo. “In particular, organisations’ public cloud environments are ideal targets due to the lack of effective cloud threat defence programs. In the past few months alone, we have uncovered a number of cryptojacking incidents including the one affecting Tesla.”
Kumar said the attackers leveraged the Stratum mining protocol and evaded detection by hiding the true IP address of the mining pool server behind CloudFlare and keeping CPU usage low, among other tactics.
“Given the immaturity of cloud security programs today, we anticipate this type of cybercrime to increase in scale and velocity,” Kumar said. “Organisations need to proactively monitor their public cloud environments for risky resource configurations, signs of account compromise, and suspicious network traffic just as they do for their on-premise environments.”
Kumar added that while breaches at cloud service providers were almost never the fault of the host – Amazon, Microsoft, Google – security is a “shared responsibility”. “Organisations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities,” he said. “Without that, anything the providers do will never be enough.”
RedLock estimates that eight per cent of organisations will face attacks by cryptojackers – but due to ineffective network monitoring, most will go undetected.
The firm’s finding show that 73 per cent of organisations “allow the root user account to be used to perform activities – behaviour that goes against security best practices”, while 16 per cent “have user accounts that have potentially been compromised”. RedLock further estimates that 58 per cent of organisations “publicly exposed at least one cloud storage service”. Meanwhile, it found, 66 per cent of databases are not encrypted.
Additional reporting by Rhett Jones