There was a time when ransomware was the weapon of choice for hackers. Now, it seems, cryptojacking has become the preferred way of making money. Following a string of recent cryptomining incidents, Tesla has become the latest firm to fall victim to malicious cryptominers.
Unlike last week’s incident, in which thousands of web pages were found to be serving cryptomining malware, it was Tesla’s cloud environment that was exploited in this instance.
Cloud security firm RedLock reports that Elon Musk’s company was infiltrated through its Kubernetes console (the web dashboard for Kubernetes, the open-source system used to deploy and manage containerized applications). The console was reachable without a password, and from it the attackers could browse a Kubernetes pod that held Tesla’s login credentials for Amazon Web Services.
"Within one Kubernetes pod, access credentials were exposed to Tesla's AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry," explained RedLock's researchers.
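The exposure described above has a practical check: enumerate pod specs and flag any that carry static AWS credentials, whether as literal values or as well-known credential variables injected from a Secret. The scanner below is an added example, not RedLock’s or Tesla’s tooling; the pod list it scans is constructed to look like `kubectl get pods --all-namespaces -o json` output and uses Amazon’s documented placeholder keys.

```python
"""Scan Kubernetes pod specs for static AWS credentials exposed through
environment variables.  Added example, not RedLock's or Tesla's tooling.
SAMPLE_PODS is constructed to mimic `kubectl get pods -o json` output."""
import json
import re
import sys

# Long-term AWS access key IDs are 20 characters starting with AKIA;
# temporary STS key IDs start with ASIA.
ACCESS_KEY_RE = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")
# Environment variables the AWS SDKs read credentials from.
CRED_ENV_NAMES = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}

def classify_env(env):
    """Return why this env entry exposes a static AWS credential, or None."""
    name = env.get("name", "")
    value = env.get("value")
    if value is not None:
        if name in CRED_ENV_NAMES:
            return "literal AWS credential in pod spec"
        if ACCESS_KEY_RE.search(value):
            return "value looks like an AWS access key ID"
    elif name in CRED_ENV_NAMES and "valueFrom" in env:
        # Sourced from a Secret: not in the spec, but still a long-lived key
        # readable by anyone with access to the pod or the Secret.
        return "static AWS credential injected from a Secret"
    return None

def scan_pod_list(pod_list):
    """Return (namespace, pod, container, env-var name, reason) per finding."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        ns, pod_name = meta.get("namespace", "default"), meta.get("name", "?")
        spec = pod.get("spec", {})
        for container in spec.get("containers", []) + spec.get("initContainers", []):
            for env in container.get("env", []):
                reason = classify_env(env)
                if reason:
                    findings.append((ns, pod_name, container["name"], env.get("name", ""), reason))
    return findings

# Constructed sample; the key values are AWS's published placeholder keys.
SAMPLE_PODS = {
    "items": [
        {"metadata": {"namespace": "telemetry", "name": "ingest-7f9c"},
         "spec": {"containers": [{"name": "ingest", "env": [
             {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
             {"name": "AWS_SECRET_ACCESS_KEY", "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
             {"name": "S3_BUCKET", "value": "example-telemetry"}]}]}},
        {"metadata": {"namespace": "web", "name": "frontend-1"},
         "spec": {"containers": [{"name": "web", "env": [
             {"name": "LOG_LEVEL", "value": "info"},
             {"name": "BACKUP_URI", "value": "s3://AKIAI44QH8DHBEXAMPLE:secret@backups"},
             {"name": "AWS_SECRET_ACCESS_KEY",
              "valueFrom": {"secretKeyRef": {"name": "s3-creds", "key": "secret"}}}]}]}},
    ]
}

if __name__ == "__main__":
    # Usage: kubectl get pods --all-namespaces -o json | python3 scan_pods.py
    pods = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_PODS
    for ns, pod, container, var, reason in scan_pod_list(pods):
        print(f"{ns}/{pod} [{container}] {var}: {reason}")
```

The scanner only reads pod specs; it will not see keys baked into a container image or written to a file in the pod, so treat a clean run as necessary rather than sufficient. The fix that removes the finding class altogether is to give the workload an IAM role bound to the node or pod instead of long-lived access keys, and to put the console behind authentication and off the public internet.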
RedLock’s Cloud Security Intelligence (CSI) team discovered cryptocurrency-mining scripts running on Tesla’s Kubernetes instances, which let the attackers mine cryptocurrency on Tesla’s AWS compute.
RedLock CTO Gaurav Kumar told Gizmodo that the attackers used the Stratum mining protocol. They avoided detection by pointing the miner at an ‘unlisted’ destination rather than a well-known public mining pool, and kept CPU usage low so the extra load would not stand out. They also hid the true address of the mining pool server behind an IP address hosted by the content delivery network Cloudflare, and the mining software was configured to use a non-standard port, defeating any detection that keys on the port a connection uses.
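Each of those evasions targets a lookup-style control: pool domain blocklists, IP reputation, port rules, CPU thresholds. What survives them is inspecting what the connection actually says, because Stratum is newline-delimited JSON-RPC with a small, fixed vocabulary. The detector below is an added example, not RedLock’s detection logic; the flow records are constructed, and their payloads follow the `mining.*` methods of Bitcoin-style Stratum and the `login`/`job`/`submit` dialect spoken by Monero miners such as XMRig.

```python
"""Flag Stratum mining sessions by message content, not destination port.
Added example, not RedLock's detection logic.  SAMPLE_FLOWS is constructed;
the payloads follow the JSON-RPC shapes Stratum uses."""
import json
from typing import Optional

# Methods exchanged in a Stratum session, both directions.
STRATUM_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit",   # miner -> pool, Stratum v1
    "mining.notify", "mining.set_difficulty",                   # pool -> miner, Stratum v1
    "login", "getjob", "submit", "keepalived", "job",            # CryptoNote dialect (XMRig)
}
# Fields of a CryptoNote job object, carried in the login reply and job pushes.
JOB_KEYS = {"blob", "job_id", "target"}

def classify_payload(payload: str) -> Optional[str]:
    """Return why a payload looks like Stratum, or None.
    Stratum is newline-delimited JSON, so each line is checked on its own;
    non-JSON lines (HTTP, TLS records, binary) are skipped."""
    for line in payload.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(msg, dict):
            continue
        method = msg.get("method")
        if isinstance(method, str) and method in STRATUM_METHODS:
            return f"stratum method {method!r}"
        result = msg.get("result")
        if isinstance(result, dict) and isinstance(result.get("job"), dict) \
                and JOB_KEYS <= set(result["job"]):
            return "stratum login reply carrying a job"
    return None

def scan_flows(flows):
    """flows: dicts with src, dst, dport, payload (reassembled TCP data).
    Returns (src, dst, dport, reason) for every flow that looks like Stratum."""
    hits = []
    for f in flows:
        reason = classify_payload(f["payload"])
        if reason:
            hits.append((f["src"], f["dst"], f["dport"], reason))
    return hits

# Constructed sample flows (addresses from the RFC 5737 documentation ranges).
SAMPLE_FLOWS = [
    # XMRig login on 443 to a CDN-fronted address: port says HTTPS, payload says miner.
    {"src": "10.42.0.17", "dst": "203.0.113.10", "dport": 443,
     "payload": '{"id":1,"jsonrpc":"2.0","method":"login",'
                '"params":{"login":"wallet","pass":"x","agent":"XMRig/2.4.4"}}\n'},
    # Plain HTTP health check that happens to use 3333: a port rule would false-positive.
    {"src": "10.42.0.18", "dst": "198.51.100.7", "dport": 3333,
     "payload": "GET /healthz HTTP/1.1\r\nHost: 198.51.100.7\r\n\r\n"},
    # Stratum v1 handshake on 8080.
    {"src": "10.42.0.19", "dst": "203.0.113.10", "dport": 8080,
     "payload": '{"id":1,"method":"mining.subscribe","params":["cpuminer/2.5.0"]}\n'
                '{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n'},
    # Ordinary JSON-RPC that is not mining: no Stratum method, no job object.
    {"src": "10.42.0.20", "dst": "192.0.2.5", "dport": 443,
     "payload": '{"jsonrpc":"2.0","method":"getBalance","id":7}\n'},
]

if __name__ == "__main__":
    for src, dst, dport, reason in scan_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{dport}  {reason}")
```

Feed it reassembled TCP payloads from whatever network sensor already sits on the cluster’s egress; destination port and destination IP reputation are precisely the signals the attackers manipulated here, so neither belongs in the rule. The caveat is TLS: if the miner wraps Stratum in TLS (XMRig can), payload inspection sees only ciphertext, and the remaining controls are an egress allowlist for the nodes and the billing and CPU anomalies a low-and-slow miner tries to stay under.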
The RedLock team reported its findings to Tesla immediately, and the issues were fixed “quickly.” The EV maker says no important data was compromised, and gave the following statement:
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”