Hackers infiltrated Tesla’s cloud environment and stole computer resources to mine for cryptocurrency, according to the security firm RedLock.
According to a report released on Tuesday detailing cloud security threats, RedLock’s Cloud Security Intelligence team—yes, its CSI team—notified Tesla of the intrusion and the vulnerability was addressed. The electric vehicle company was reportedly running one of hundreds of open-source systems the CSI team found accessible online without password protection. The exposure allowed hackers to access Tesla’s Amazon cloud environment, RedLock said.
In an email to Gizmodo, a Tesla spokesperson said there is “no indication” the breach impacted customer privacy or compromised the security of its vehicles.
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” a Tesla spokesperson told Gizmodo in an email. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
According to RedLock, mining cryptocurrency is likely a more valuable use of Tesla’s servers than the data it stores.
“The recent rise of cryptocurrencies is making it far more lucrative for cybercriminals to steal organizations’ compute power rather than their data,” RedLock CTO Gaurav Kumar told Gizmodo. “In particular, organizations’ public cloud environments are ideal targets due to the lack of effective cloud threat defense programs. In the past few months alone, we have uncovered a number of cryptojacking incidents including the one affecting Tesla.”
Kumar said the attackers leveraged the Stratum mining protocol and evaded detection by hiding the true IP address of the mining pool server behind CloudFlare and keeping CPU usage low, among other tactics.
“Given the immaturity of cloud security programs today, we anticipate this type of cybercrime to increase in scale and velocity,” Kumar said. “Organizations need to proactively monitor their public cloud environments for risky resource configurations, signs of account compromise, and suspicious network traffic just as they do for their on-premise environments.”
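The evasion Kumar describes above (pool hidden behind CloudFlare, CPU kept low) defeats IP-reputation and utilisation alerts, but the Stratum protocol itself is newline-delimited JSON-RPC whose method names are distinctive. The following detector is an added example, not RedLock's tooling or anything from the report: it classifies captured TCP payload lines by Stratum dialect and uses the real Stratum method names; the flow records and addresses are constructed.

```python
import json

# Real Stratum method names: the classic mining.* dialect and the
# login/job dialect used by pools for CPU-mineable coins.
STRATUM_V1_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit",
    "mining.notify", "mining.set_difficulty", "mining.extranonce.subscribe",
}

def classify_stratum(payload: str):
    """Return the Stratum dialect of one JSON-RPC line, or None if it is not Stratum."""
    try:
        msg = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    if method in STRATUM_V1_METHODS:
        return "stratum-v1"
    # Login dialect: only the handshake is unambiguous; "submit"/"keepalived" alone are not.
    params = msg.get("params")
    if method == "login" and isinstance(params, dict) and {"login", "pass"} <= params.keys():
        return "stratum-login"
    return None

def scan_flows(flow_records):
    """flow_records: iterable of (src, dst, payload). Returns flagged records with dialect and method."""
    hits = []
    for src, dst, payload in flow_records:
        dialect = classify_stratum(payload)
        if dialect:
            hits.append({"src": src, "dst": dst, "dialect": dialect,
                         "method": json.loads(payload)["method"]})
    return hits

# Constructed sample flows; 203.0.113.5 stands in for a CDN-fronted pool address
# that IP reputation alone would not flag.
SAMPLE_FLOWS = [
    ("10.0.3.17", "203.0.113.5:443", '{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}'),
    ("10.0.3.17", "203.0.113.5:443", '{"id":2,"method":"mining.authorize","params":["wallet.w1","x"]}'),
    ("10.0.3.22", "203.0.113.5:443", '{"id":1,"method":"login","params":{"login":"wallet","pass":"x"}}'),
    ("10.0.3.9", "172.16.5.5:8080", '{"jsonrpc":"2.0","method":"getStatus","id":7}'),
    ("10.0.3.9", "172.16.5.5:8080", "GET /healthz HTTP/1.1"),
]

if __name__ == "__main__":
    for hit in scan_flows(SAMPLE_FLOWS):
        print(hit)
```

Payload-based matching like this complements, rather than replaces, the configuration and account-compromise monitoring Kumar recommends, since a pool served over TLS would need inspection at the egress proxy or on the host.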
Kumar added that while breaches at cloud service providers were almost never the fault of the host—Amazon, Microsoft, Google—security is a “shared responsibility.” “Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities,” he said. “Without that, anything the providers do will never be enough.”
RedLock estimates that 8 percent of organizations will face attacks by cryptojackers—but due to ineffective network monitoring, most will go undetected.
The firm’s findings show that 73 percent of organizations “allow the root user account to be used to perform activities—behavior that goes against security best practices,” while 16 percent “have user accounts that have potentially been compromised.” RedLock further estimates that 58 percent of organizations “publicly exposed at least one cloud storage service.” Meanwhile, it found, 66 percent of databases are not encrypted.
Additional reporting by Rhett Jones