Hackers Used Tesla's Cloud Systems to Mine Cryptocurrency

When someone thinks of hacking into Tesla, one could assume it would be for proprietary information. However, hackers recently got into Tesla's cloud environment and leveraged the network to mine for cryptocurrencies. 

The issue was first spotted by cloud security firm RedLock. The research team at the firm noticed that cryptocurrency mining scripts -- aka when computing power is unknowingly being drained to power mining -- were found on the Tesla system. 

The report documented the firm finding an unprotected Kubernetes console which belonged to the prominent EV automaker. Kubernetes helps deploy and autoscale websites hosted on a cloud platform. While the open-source Google system is used by enterprise businesses around the world, one unsecured console was all hackers needed to get into Tesla's cloud environment. Tesla currently uses Amazon Web Services -- arguably the most ubiquitous cloud hosting platform on the market. 

"The hackers had infiltrated Tesla's Kubernetes console which was not password protected," RedLock researchers wrote. "Within one Kubernetes pod, access credentials were exposed to Tesla's AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry."

The cybersecurity firm said that with the increased popularity of cryptocurrency comes the drive for more people to hack and cheat the mining system. 

"The skyrocketing value of cryptocurrencies is prompting hackers to shift their focus from stealing data to stealing compute power in organizations’ public cloud environments," RedLock said in their blog post of the process. "The nefarious network activity is going completely unnoticed."

[see-also]

The firm gave several suggestions for any website to keep in mind in order to prevent their own cloud environments from being hacked into in a similar manner: 

Monitor Network Configurations -- RedLock encouraged website owners to invest in tools that can analyze resources as soon as they're created and then apply the appropriate policies for that particular application or resource. 

Monitor Network Traffic -- Keeping a close watch on daily traffic will clue web managers and owners into when those numbers seem suspicious. RedLock pointed out that had Tesla kept a better eye on network traffic and correlating that with other data, the company could've easily detected the issue and the compromised Kubernetes unit. 

Be on Guard for Suspicious User Behavior -- When Uber was breached, the company's access credentials found its way around the internet, but the company didn't take note of the odd behavior hitting its system. RedLock recommended monitoring for a baseline use for a constant and then tracking even-based anomalies. 

In an email to Ars Technica, a Tesla representative said: "We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."

This isn't the only example of companies failing to secure their cloud accounts. There was the widespread breach of Gemalto (the global SIM card maker) as well as insurance company Aviva. As cryptocurrency continues to bounce back from its lowest values, enterprise companies with extensive cloud frameworks should be on their guard against these exploitative hacks.