Hackers Hijack Tesla – Mine Cryptocurrency and Access Private Company Data
Want to take cryptojacking to the next level? Involve Tesla! It appears along with Starbucks and a ton of other businesses, the hip automaker was also a victim of the trending criminal activity. Security researchers at cloud security firm RedLock released a report earlier today that revealed, among other things, that the an unprotected Kubernetes console belonging to the EV brand led to data exposure and mining activities.
While Google-designed Kubernetes is used to deploy and manage containerized apps by enterprises worldwide, in Tesla's case, an unsecured console exposed credentials to Tesla's Amazon Web Services (AWS) environment."We weren’t the first to get to it,” Varun Badhwar, CEO and cofounder of RedLock, said.
"Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment."
The story follows a major news that broke last month revealing that thousands of government websites in multiple countries, including the US and the UK, were hijacked to use visitors' resources for cryptocurrency mining. However, in this case it's not the visitors who paid for these coins, as Tesla's cloud resources were used for the mining operation.
Tesla hackers hijacked the company's unsecured cloud system to mine cryptocurrency
Once hackers got access on this unsecured IT administrative console, they ran scripts that enabled them to mine cryptocurrency. This access, however, potentially also led to data breach as researchers said that "those credentials provided unfettered access to non-public Tesla information stored in Amazon Simple Storage Service (S3) buckets." This non-public data doesn't necessarily mean customer data (we are still waiting for the company's statement), however, it did involve Tesla telemetry, mapping, and vehicle servicing data according to researchers.
"It didn’t have personally identifiable information, per se," RedLock researchers wrote. They added they "didn't dig in too much" and alerted the company.
These unidentified hackers also employed a number of techniques to avoid detection on the unsecured console. For example, instead of using public mining pools, they installed Stratum mining software and instructed the script to connect to an unlisted endpoint. One of the biggest giveaways of a cryptojacking scheme is high CPU usage. Researchers wrote that Tesla hackers intentionally hid their tracks by reducing the CPU usage demanded by the cryptomining software.
It remains unclear how much they managed to make from this cryptojacking operation. For their discovery, RedLock researchers did get $3,133.7 in bug bounty from the automaker.
"The message from this research is loud and clear - the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities," RedLock said. "Security is a shared responsibility: Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough."