RedLock’s Cloud Security Intelligence team has released a new report that shows that Elon Musk Tesla cloud was highjacked by hackers to mine cryptocurrencies.
The Tesla cloud was running hundreds of open source systems that were easily accessible online and didn’t have any password protection which made it easy for hackers to access the electric vehicles company Amazon cloud environment. The hackers used the Kubernetes container to mine for cryptocurrencies, for an as of yet unknown amount of time.
RedLock’s CSI team exposed a similar hack of AWS for Bitcoin (BTC) mining purposes at companies Aviva and Gemaltо in October of last year. These companies, like Tesla, did not have passwords for their admin consoles.
The report from RedLock however shows there is no sign that the breach impacted the security of the vehicles or that of its customer security.
Tesla had already made the news last year for an innovative way to use their technologies to mine Bitcoin in a way completely unintended by the company. In December 2017, the owner of a Tesla S electric car reported that he had been mining Bitcoin with his car’s supercharger, placing a mining rig in the trunk.
Addressing how to combat the security issue, Gaurav Kumar, the CTO of RedLock told Gizmodo:
Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough.”
This is a lesson to be learned from the hack at Tesla that tells companies to prevent similar hacking incidents in the future they need to monitor configurations, network traffic and suspicious user behavior.
And, password protection is a must.