Skip to main content

Tesla cloud account hacked to mine cryptocurrency

a blurry image of a car © Provided by The Hill An unidentified outside hacker infiltrated Tesla's Amazon cloud account and used its systems to quietly mine for cryptocurrencies, a cybersecurity firm announced Tuesday.

The hack also potentially exposed the electric car company's data.

Researchers for RedLock found that Tesla's credentials on an IT administrative console were not password protected. They made the discovery while trying to track down which organizations had left their Amazon Web Services (AWS) credentials openly exposed on the internet last month.

The hackers quietly hijacked the console and began running scripts to generate virtual currency like bitcoin, the latest in a series of "cryptojacking" attacks. The researchers also found the hackers used "sophisticated evasion measures" to go undetected.

A spokesperson for Tesla said the company learned about the breach in a company-sanctioned bug bounty program that pays outside hackers to discover vulnerabilities or exploited systems within the company.

"We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it," the spokesperson said in a statement.

"The impact seems to be limited to internally used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."

Fortune first reported the Tesla breach.

"We weren't the first to get to it. Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment," Varun Badhwar, CEO and cofounder of RedLock, told the magazine.

Vehicle data from Tesla could have been exposed to the hackers through the Amazon "simple storage service" bucket, the researchers found.

Badhwar echoed the company's statement, telling Fortune it did not seem like much sensitive information out in the open. He added, however, that his research team "didn't try to dig in too much" and immediately alerted Tesla as soon as they learned about the unsecured system.

RedLock's report comes at a time when cryptojacking heists are increasing as the value of cryptocurrency grows.

Two other companies were also being used to mine cryptocurrency as a result of unsecured Kubernetes consoles, a Google-designed application that helps store virtual machines known in the tech space as containers.

Popular posts from this blog

DOF opposes tiered approach to tax on sugary drinks

© Provided by Mediamerge Corporation MONEY- Tax thumbnail The Department of Finance (DOF) is not amenable to Senator Juan Edgardo Angara's suggestion to implement the proposed levy on sugar sweetened beverages via a three-tier system. "We oppose the tiered approach. Meaning 'yung first seven grams will be tax free and then after that would be taxable," Finance Undersecretary Karl Chua said during the Economic Journalists Association of the Philippines (EJAP) Economic Forum in Manila on Friday. Chua note the tiered approach may compel manufacturers to come up with smaller packaging. "So you can drink three of them with no taxes," the Finance official said. It will defeat the purpose of imposing excise tax on sugary drinks as a health measure, he added. During deliberations on the comprehensive tax reform bill, Angara floated the idea of implementing the excise tax on sugar sweetened beverages under a three-tier system to incentivize those who manufactu...

You can pay at a restaurant by smiling at a camera

© Provided by Engadget As easy as it is to make purchases in the era of tap-to-pay services , it's about to get easier still. Alipay (which handles purchases for Chinese shopping giant Alibaba) has launched what it says is the first payment system that uses facial recognition to complete the sale. If you visit one of KFC's KPRO restaurants in Hangzhou, China, you can pay for your panini or salad by smiling at a camera-equipped kiosk -- you need to verify the purchase on your phone, but you don't have to punch in digits or bring your phone up to an NFC reader. The system (Smile to Pay) is purportedly resistant to spoofing with photos and other tricks. It relies on both depth-sensing cameras and a "likeness detection algorithm" to make sure it's really you. Reportedly, the technology is good enough that it can accurately identify people even when they're disguising themselves through makeup or wigs. You shouldn't have to worry about someone buying ...

Apple named ‘most innovative’ company by a magazine

© Provided by IBT US Apple has just been named as the “Most Innovative” company of 2018 by a business magazine. The reasons cited why the Cupertino giant emerged triumphant on the list included the company’s ability to design processors that are optimized for its latest hardware and software.  Fast Company published Tuesday its list of the World’s Most Innovative Companies 2018 in the consumer electronics sector and Tim Cook’s company was the one that snagged the top spot. The publication indicated in the list that the main reason why Apple ranked the highest was because it produced the “phone of the future” for today’s market.  The magazine also published a lengthy explanation on why Apple is worth the “most innovative” title this year. According to Fast Company, the Cupertino giant had a notable 2017 due to the stellar performances of the wireless AirPods and the Apple Watch Series 3 and the launch of its own AR platform, ARKit, as well as the release of the outst...