Hackers were able to get into one of Tesla’s Amazon cloud accounts and use it to run currency-mining software, a new report found.
The breach in many ways resembled compromises suffered by Gemalto, the world’s biggest SIM card maker, and multinational insurance company Aviva, said researchers at security provider RedLock.
Amazon and Microsoft cloud accounts belonging to both companies were breached this past October and used to run currency-mining malware after hackers found access credentials that weren’t properly secured, the researchers said.
The initial point of entry for the Tesla cloud breach was an unsecured administrative console for Kubernetes, an open source package used by companies to deploy and manage large numbers of cloud-based applications and resources.
“The hackers had infiltrated Tesla’s Kubernetes console which was not password protected,” RedLock researchers said in a post. “Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.”
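As an added illustration (not code from RedLock's report or from Tesla), the following check scans pod specs for AWS credentials written as literal environment values, one way credentials become readable to anyone who can view a pod. The report does not say how the credentials were stored, so the environment-variable location, the sample pods and the function name are assumptions.

```python
import re

# Access key IDs start with AKIA (long-term) or ASIA (temporary STS keys).
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Variable names the AWS SDKs and CLI read credentials from.
CRED_NAMES = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}


def find_exposed_aws_credentials(pod_list):
    """Return (namespace, pod, container, env name) for each literal credential.

    Values are never returned, so the report itself does not leak secrets.
    """
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        containers = spec.get("containers", []) + spec.get("initContainers", [])
        for ctr in containers:
            for env in ctr.get("env", []):
                value = env.get("value")
                if not value:
                    continue  # valueFrom (e.g. secretKeyRef): nothing literal in the spec
                if env["name"] in CRED_NAMES or KEY_ID_RE.search(value):
                    findings.append((meta.get("namespace", "default"),
                                     meta.get("name"), ctr.get("name"), env["name"]))
    return findings


# Constructed sample in the shape of `kubectl get pods --all-namespaces -o json`.
# The key strings are the placeholder values used in AWS documentation.
SAMPLE = {"items": [
    {"metadata": {"namespace": "default", "name": "app-worker"},
     "spec": {"containers": [{"name": "worker", "env": [
         {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
         {"name": "AWS_SECRET_ACCESS_KEY",
          "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}]}]}},
    {"metadata": {"namespace": "ci", "name": "builder"},
     "spec": {"containers": [{"name": "build", "env": [
         # Key ID under an unrelated name: caught by the pattern, not the name.
         {"name": "BACKUP_KEY", "value": "AKIAIOSFODNN7EXAMPLE"},
         {"name": "LOG_LEVEL", "value": "debug"}]}]}},
    {"metadata": {"namespace": "prod", "name": "api"},
     "spec": {"containers": [{"name": "api", "env": [
         {"name": "AWS_SECRET_ACCESS_KEY", "valueFrom": {
             "secretKeyRef": {"name": "aws-creds", "key": "secret"}}}]}]}},
]}

if __name__ == "__main__":
    for finding in find_exposed_aws_credentials(SAMPLE):
        print("literal AWS credential in pod spec: %s/%s container=%s env=%s" % finding)
```

A clean result covers only literal environment values; credentials mounted as files or fetched at runtime need separate review.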
The attackers hid the malware behind an IP address hosted by security firm Cloudflare. They also configured the mining software to use a non-standard port to reach the Internet and to connect to an unlisted or semi-public endpoint rather than well-known mining pools. The attackers also likely reduced the amount of CPU resources used to mine the digital coin. The measures helped to make the illicit mining harder to detect and lower the chances of it being shut down.
Besides allowing attackers to run the mining malware, RedLock said the breach also exposed certain non-public Tesla data, including sensitive telemetry information related to Tesla cars. RedLock said it reported the breach to Tesla, and the systems were quickly disinfected.
In an email, a Tesla representative wrote: “We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”