Tesla's cloud hacked to mine cryptocurrencies

RedLock told Tesla about the security hole so it could be rectified

RedLock has revealed its security hackers broke into Tesla's cloud and stole the resources they needed to mine cryptocurrency because the car giant hadn't secured its open source systems.

The security researcher revealed the findings in its Cloud Security Trends report, saying that attacks to mine cryptocurrency are on the rise, but many of the incidents are able to happen because of poor "user and API access hygiene."

Advertisement - Article continues below

In addition, businesses aren't monitoring their entire cloud infrastructure, meaning when an attack does happen, it often goes unnoticed until it's too late.

RedLock did advise Tesla that it was able to access the credentials it needed to break into Tesla's AWS environment. Upon further investigation, researchers at the security firm were able to access an Amazon S3 bucket, which stored sensitive data such as telemetry.

"We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it," a Tesla spokesperson told Gizmodo.

"The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."

However, the incident spurred RedLock to look into access key hygiene and it discovered that 40 percent of access keys have not been rotated in the recommended 90-day period, while almost three-quarters of businesses are allowing root user activities.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

A combination of these two security malpractices means that hackers would potentially be able to find highly sensitive information much easier than if businesses employed best practice to their cloud security.

RedLock thinks this kind of attack will increase in intensity in the coming months, making it vital businesses monitor their cloud environments for any potential holes.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
Police use of facial recognition ruled unlawful in the UK
privacy

Police use of facial recognition ruled unlawful in the UK

11 Aug 2020