Skip to main content

Tesla cloud account hacked to mine cryptocurrency

a blurry image of a car © Provided by The Hill An unidentified outside hacker infiltrated Tesla's Amazon cloud account and used its systems to quietly mine for cryptocurrencies, a cybersecurity firm announced Tuesday.

The hack also potentially exposed the electric car company's data.

Researchers for RedLock found that Tesla's credentials on an IT administrative console were not password protected. They made the discovery while trying to track down which organizations had left their Amazon Web Services (AWS) credentials openly exposed on the internet last month.

The hackers quietly hijacked the console and began running scripts to generate virtual currency like bitcoin, the latest in a series of "cryptojacking" attacks. The researchers also found the hackers used "sophisticated evasion measures" to go undetected.

A spokesperson for Tesla said the company learned about the breach in a company-sanctioned bug bounty program that pays outside hackers to discover vulnerabilities or exploited systems within the company.

"We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it," the spokesperson said in a statement.

"The impact seems to be limited to internally used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."

Fortune first reported the Tesla breach.

"We weren't the first to get to it. Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment," Varun Badhwar, CEO and cofounder of RedLock, told the magazine.

Vehicle data from Tesla could have been exposed to the hackers through the Amazon "simple storage service" bucket, the researchers found.

Badhwar echoed the company's statement, telling Fortune it did not seem like much sensitive information out in the open. He added, however, that his research team "didn't try to dig in too much" and immediately alerted Tesla as soon as they learned about the unsecured system.

RedLock's report comes at a time when cryptojacking heists are increasing as the value of cryptocurrency grows.

Two other companies were also being used to mine cryptocurrency as a result of unsecured Kubernetes consoles, a Google-designed application that helps store virtual machines known in the tech space as containers.

Labels:

Popular posts from this blog

Tech 2017: Biggest fails, scandals and embarrassments

© Provided by IBT US This year brought many tech innovations and products, like the iPhone X, virtual reality headsets and augmented reality on apps. However, the tech industry also saw failures this year. Like all businesses, not all products or ideas succeed. The tech industry saw some of its gadgets fail to take off. Besides product failures, the sector was also plagued by scandals and congressional testimonies. Here are the tech industry’s 2017’s top product flops and scandals: Amazon Key In late October, Amazon announced a new delivery method for Prime members which allows drivers to set packages inside customers’ home . The delivery system works with the Amazon Key In-Home Kit that is set up for $249.99. With the kit, users can select the “in home” option on the app and get their items delivered inside their homes. Prime members can receive alerts and can see the delivery happen in real-time through the app. While the service was pitched to people who are too busy to s...
Read more

R. Tiglao Exposed LTO Records Showing Aquino Never Bought or Sold a Porsche

Veteran columnist Rigoberto Tiglao exposed the Land Transportation Office (LTO) records of former President Benigno Aquino III showing that he never bought or sold an expensive Porsche car. The LTO records proved that the former President did not sold his Porsche 911 Carrera car which he claimed he bought for P5 million. The controversial Porsche car of the former President made headlines just months into his presidency but he explained that he bought the luxury car with the proceeds he got when he sold his BMW. Because of the furor from such display of opulence, Pres. Aquino claimed to have sold it six months later for exactly the same price. According to Tiglao during that time he asked through his column the LTO to release the car's deed of sale and registration to prove that it was not a gift from a Chinese-Filipino tycoon as rumored by some individuals critical to the President. The only possible way to discover whether the Porsche luxury was indeed sold was through ...
Read more