Tesla’s cloud environment has been exploited by hackers who used the computational power to mine cryptocurrencies and some sensitive data belonging to the electric car maker.
First discovered by RedLock security researchers, Tesla was revealed to be the organization behind an AWS (amazon Cloud Services) account left open in the public domain. The researchers also found data in the account leading them to an unsecured Kubernetes container console that had enabled hackers to access Tesla’s AWS cloud environment.
An open source platform, Kubernetes is used to automate, manage and scale containerized applications. Tesla’s console specifically contained access credentials to the company’s AWS.
In Tesla’s case, the cyber thieves gained access to Tesla’s Kubernetes administrative console, which exposed access credentials to Tesla’s AWS environment. Those credentials provided unfettered access to non-public Tesla information stored in Amazon Simple Storage Service (S3) buckets.
Upon digging further, the researchers discovered cryptocurrency mining scripts operating on Tesla’s container console, siphoning computing power to mine and profit from cryptocurrency.
The hackers also kept their activity, commonly known as ‘cryptojackiing’, under wraps by installing a mining pool software instead of using a public mining pool before directing the script to connect to an unlisted endpoint that renders it difficult for threat detection systems that rely on spotting suspicious IP addresses.
Furthermore, the research team observed that Tesla’s cloud environment wasn’t running on high CPU usage, as hackers most likely configured the mining software to run on low resources to evade detection.
The hackers also hid the true IP address of the mining pool server behind CloudFlare, a free content delivery network (CDN) service. The hackers can use a new IP address on-demand by registering for free CDN services. This makes IP address based detection of crypto mining activity even more challenging.
The researchers promptly reported the incident to Tesla and the issue was rectified ‘quickly’ after.
Image credit: Pexels