Attackers infirltrate Tesla's computing to mine cryptocurrency
After the successful launch of Elon Musk’s Tesla Roadster into space last month, the company’s computing assets have been attacked by a hacker and used to mine an unknown amount of cryptocurrency.
These anonymous hackers have breached Tesla’s cloud environment via a vulnerable Telsa Kubernete console—an open source system that manages applications. According to RedLock security report, the attackers gained access to Tesla’s Amazon Web Service and thereafter run scripts that allowed them to covertly mine cryptocurrency.
According to MotherBoard’s report, RedLock Vice President Upa Campbell has stated, “the crypto mining incidents have increased in tandem with rising cryptocurrency prices. As the values of cryptocurrencies rise we are seeing an epidemic,” Campbell said. She also said that these hackers get easy profits from crypto mining rather than traditional data extraction.
“It used to be lucrative for hackers to steal a companies data but hackers will always take the path of least resistance,” she said. “Cryptojacking is a lot easier because they get into the environment and simply leverage the computer systems to generate money.”
In an interview with Fortune, RedLock CEO Varun Badhwar said that the attackers used the cryptocurrency mining pool protocol Stratum to launch the attack. However, the type and amount of currency mined from Tesla remained unknown.
Motherboard has also reported that a Tesla spokesperson has emailed to them about the hack and said that “they did not think this attack would directly affect Tesla customers since the accessible data was from test cars and not customers.”
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” the spokesman said. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
RedLock has stated that the mining software was configured to keep the number of resources it hijacked low in order to avoid stirring suspicion. Generally, it is easy to determine whether a system is mining cryptocurrency or not by checking whether a CPU is loaded with lots of processes, even when the system is kept idle — it’s one of the tell-tale signs that someone is using your computer to mine digital coins.
This reveal comes after a major cryptomining attack, which happened last week that hijacked the systems of anyone visiting nearly 4,000 websites, including many government sites, to mine cryptocurrency. In October last year, RedLock has found multiple numbers of similar Kubernetes administration consoles, which lacked a decent password protection, making them vulnerable to hackers. These type of attacks, including the one that targeted Tesla, are now commonly referred to as cryptojacking.
According to a report by Fortune, the researchers at RedLock notified Tesla and the company resolved the issue in about two days. Tesla awarded Redlock $3,133.70 for notifying them of the vulnerability as part of its bug bounty program.
Campbell also was reported saying that the Tesla incident demonstrates how large organisations could be taking more proactive steps to ensure security.
“Organisations need to assume that credentials are going to get compromised and as a result, they need to monitor users’ behaviour and make sure that they notice any suspicious activity by users,” she said.