
Hackers exploit Tesla’s cloud systems to mine cryptocurrency

Hackers Hijack Tesla’s AWS Servers, Use Them to Mine Cryptocurrency

Tesla, the electric car manufacturer based in Palo Alto, California, is the latest victim of crypto-mining malware that allowed the hackers to covertly mine cryptocurrency – an attack known as ‘crypto-jacking’.

Researchers from the RedLock Cloud Security Intelligence (CSI) team discovered the breach on a Tesla-owned Amazon cloud account last month and alerted the car manufacturer. The CSI security researchers came across the breach while trying to find out which organization had left credentials for an Amazon Web Services (AWS) account open to the public Internet. The owner of the account happened to be Tesla, they said.

“We weren’t the first to get to it,” Varun Badhwar, CEO and co-founder of RedLock, told Fortune in a phone conversation. “Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment.”

The CSI researchers said in their February 2018 Cloud Security Trends report that the anonymous hackers infiltrated Tesla’s Kubernetes console, which was not password protected and which exposed access credentials to Tesla’s Amazon Web Services (AWS) environment. Kubernetes is an open source system originally designed by Google to manage applications.

The exposed Tesla AWS environment contained an Amazon Simple Storage Service (S3) bucket that stored sensitive data such as telemetry, mapping, and vehicle servicing data, RedLock researchers stated. Once the hackers gained access to Tesla’s cloud servers, they installed cryptocurrency mining software called Stratum and configured the malicious script to connect to an unlisted or semi-public endpoint. They then began cryptomining, obscuring the true IP address of the mining pool server behind Cloudflare and keeping CPU usage low to evade detection.
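The evasion described above defeats pool-address blocklists and CPU-usage alarms, so a detector has to look at what the traffic says rather than where it goes. The following is an added example, not code from RedLock's report or from this article: it flags flows by the JSON-RPC method names of the Stratum mining protocol, assuming cleartext payloads are available from a network sensor; the flow records, pod names and addresses are constructed.

```python
import json

# Method names of the Stratum (v1) mining protocol: newline-delimited JSON-RPC.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                   "mining.notify", "mining.set_difficulty"}

def stratum_methods(payload: bytes) -> set:
    """Return the Stratum method names seen in one flow's cleartext payload."""
    found = set()
    for line in payload.splitlines():
        try:
            msg = json.loads(line)
        except ValueError:          # not JSON (or not valid UTF-8): skip the line
            continue
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method in STRATUM_METHODS:
            found.add(method)
    return found

def flag_miners(flows):
    """Flag flows by protocol content only; destination and port are not trusted."""
    hits = []
    for f in flows:
        methods = stratum_methods(f["payload"])
        if methods:
            hits.append((f["src"], f"{f['dst']}:{f['dport']}", sorted(methods)))
    return hits

# Constructed sample flows (RFC 5737 documentation addresses, made-up pod names).
SAMPLE_FLOWS = [
    {"src": "pod/build-runner-1", "dst": "203.0.113.10", "dport": 443,
     "payload": b'{"id":1,"method":"mining.subscribe","params":["x/1.0"]}\n'
                b'{"id":2,"method":"mining.authorize","params":["w","p"]}\n'},
    {"src": "pod/api-gateway", "dst": "198.51.100.7", "dport": 8080,
     "payload": b'{"jsonrpc":"2.0","id":7,"method":"getStatus","params":[]}\n'},
    {"src": "pod/web-frontend", "dst": "198.51.100.9", "dport": 443,
     "payload": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"},  # TLS bytes
]

if __name__ == "__main__":
    for src, dst, methods in flag_miners(SAMPLE_FLOWS):
        print(f"ALERT {src} -> {dst} speaks Stratum: {', '.join(methods)}")
```

A miner that wraps the same protocol in TLS produces no hit here, so this check complements egress allow-listing for workloads that have no reason to open outbound connections.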

“In Tesla’s case, the cyber thieves gained access to Tesla’s Kubernetes administrative console, which exposed access credentials to Tesla’s AWS environment,” RedLock says. “Those credentials provided unfettered access to non-public Tesla information stored in Amazon Simple Storage Service (S3) buckets.”
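One way cloud credentials become readable in a Kubernetes console is as literal values in pod specs. The following is an added example, not code from RedLock or from this article: it audits pod specs for AWS credentials stored as plain text, run on constructed manifests whose key values are AWS's published documentation examples; the pod, container and Secret names are hypothetical.

```python
import re

# AWS access key IDs: long-term keys start with AKIA, temporary ones with ASIA.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
CRED_ENV_NAMES = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}

def audit_pod(pod: dict) -> list:
    """Return findings for AWS credentials stored as plain text in a pod spec."""
    findings = []
    pod_name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        where = f"{pod_name}/{c.get('name', '<unnamed>')}"
        for env in c.get("env", []):
            value = env.get("value")
            if not value:            # valueFrom reference or empty: no literal
                continue
            if env.get("name") in CRED_ENV_NAMES or ACCESS_KEY_ID.search(value):
                findings.append(f"{where}: literal credential in env {env.get('name')}")
        for arg in c.get("command", []) + c.get("args", []):
            if ACCESS_KEY_ID.search(arg):
                findings.append(f"{where}: access key ID in command line")
    return findings

# Constructed pod specs; the key values are AWS's published documentation examples.
LEAKY_POD = {
    "metadata": {"name": "data-sync"},
    "spec": {"containers": [{
        "name": "uploader",
        "env": [
            {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
            {"name": "AWS_SECRET_ACCESS_KEY",
             "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
            {"name": "BUCKET", "value": "example-bucket"},
        ]}]},
}
REFERENCED_POD = {
    "metadata": {"name": "data-sync-fixed"},
    "spec": {"containers": [{
        "name": "uploader",
        "env": [{"name": "AWS_ACCESS_KEY_ID", "valueFrom": {
            "secretKeyRef": {"name": "aws-creds", "key": "access_key_id"}}}],
    }]},
}

if __name__ == "__main__":
    for pod in (LEAKY_POD, REFERENCED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "no literal credentials")
```

A clean result only covers literals in the spec: a console whose service account can read Secrets still hands referenced values to whoever reaches it, so the console itself needs authentication.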

Last year, RedLock published a report saying that 53% of organizations using cloud storage services such as Amazon had accidentally exposed these to the public, with “hundreds” leaking credentials through services such as Kubernetes.

The CSI researchers said they are not certain of the type and the value of currency mined using the stolen power. They were also uncertain as to how long the intruders had access.

RedLock Vice President Upa Campbell told Motherboard that “the crypto mining incidents have increased in tandem with rising cryptocurrency prices. As the values of cryptocurrencies rise we are seeing an epidemic.” Campbell also said that hackers find cryptomining an easier source of profit than traditional data extraction.

“It used to be lucrative for hackers to steal a company’s data but hackers will always take the path of least resistance,” she added. “Cryptojacking is a lot easier because they get into the environment and simply leverage the computer systems to generate money.”

Meanwhile, Tesla quickly rectified the cryptojacking issue after it was notified by RedLock. A Tesla spokesperson confirmed that neither customer data nor the safety and security of its vehicles was compromised by the breach.

“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” the spokesperson said. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”

RedLock CTO Gaurav Kumar said businesses should monitor for suspicious activity to avoid being exploited.

“The message from this research is loud and clear — the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities,” Kumar said in a statement Tuesday.

“In our analysis, cloud service providers such as Amazon, Microsoft and Google are trying to do their part, and none of the major breaches in 2017 was caused by their negligence.”

He added: “However, security is a shared responsibility. Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough.”







Kavita Iyer

An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human
