Search This Blog

Powered by Blogger.

Blog Archive

Labels

Tesla's cloud systems exploited to mine cryptocurrency


Hackers Hijack Tesla’s  cloud storage on the Amazon Web Service (AWS) and used it for mine cryptocurrency – an attack known as ‘crypto-jacking’.

An Indian security research firm, RedLock Cloud Security Intelligence (CSI), detected and reported about the incidence for the first. According to researchers, a group of unidentified hackers infiltrated into the Tesla's open-source system for automating deployment: Kubernetes, scaling and management of applications, that was not protected by a password.

“We weren’t the first to get to it,” Varun Badhwar, CEO, and co-founder of RedLock. “Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment.”

In a blog post RedLock said that the attackers didn't use public 'mining pool' but "they installed mining pool software and configured the malicious script to connect to an “unlisted” or semi-public endpoint. This makes it difficult for the standard IP/ domain based threat intelligence feeds to detect the malicious activity."

The attackers hid the true IP address of the mining pool server shrewdly and demanded a new IP address to make it undetectable.

Tesla spokesperson said, " there is no indication the breach impacted customer privacy or compromised the security of its vehicles."


Share it: