When Criminals Hijacked Tesla to Mine Coins… Tesla Says Hack Only Impacted Internally-Used Test Cars
Tesla has now responded to a security report that suggested the company's systems were used by hackers to mine cryptocurrency thanks to poor security measures. The automaker has confirmed that its cloud computing platform was indeed hijacked by hackers but assures that no customer data was exposed during the breach.
"Our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way," a company spokesperson said, adding the hack was limited to the internally used engineering test cars.
RedLock, the security firm that had alerted the company about the breach, reported yesterday that Tesla had its login credentials stored on a system that was not protected by a password. This lapse in security led to hackers getting access to the company's Amazon Web Services (AWS) environment exposing non-public company data. In their report, RedLock had said that Tesla telemetry, mapping, and vehicle servicing data was potentially exposed to hackers.
The company has now confirmed that no customer data was exposed based on the initial investigation. Here's the complete statement:
We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.
Cryptojacking becomes a growing headache for organizations
The research had also suggested that hackers were secretly mining cryptocurrency using this access to the EV maker's systems. By reducing CPU usage and some other tricks, hackers were able to hide their tracks during this operation.
After the security firm informed the automaker of this exposure and cryptojacking scheme, Tesla said it fixed the vulnerability "within hours."
Tesla isn't the first or the last major company to have become a victim of cryptojacking. Earlier this month, a report revealed how thousands of government-owned websites around the world were hijacked for stealth mining of cryptocurrency. The situation has gone so worse that billions of users become a victim of cryptojacking through popular websites and services. Research in December had revealed that only 4 popular websites were managing to target resources of nearly 1 billion visitors for Monero mining.
As Tesla's case proves yet again, it's not just the end users who are being targeted by malicious websites or advertisers, as over 55% of organizations were found impacted by cryptojacking attacks with crypto-mining malware becoming one of the top 10 threats online.