Tesla's cloud hacked to mine cryptocurrencies

RedLock told Tesla about the security hole so it could be rectified

RedLock has revealed its security hackers broke into Tesla's cloud and stole the resources they needed to mine cryptocurrency because the car giant hadn't secured its open source systems.

The security researcher revealed the findings in its Cloud Security Trends report, saying that attacks to mine cryptocurrency are on the rise, but many of the incidents are able to happen because of poor "user and API access hygiene."

In addition, businesses aren't monitoring their entire cloud infrastructure, meaning when an attack does happen, it often goes unnoticed until it's too late.

RedLock did advise Tesla that it was able to access the credentials it needed to break into Tesla's AWS environment. Upon further investigation, researchers at the security firm were able to access an Amazon S3 bucket, which stored sensitive data such as telemetry.

"We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it," a Tesla spokesperson told Gizmodo.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."

However, the incident spurred RedLock to look into access key hygiene and it discovered that 40 percent of access keys have not been rotated in the recommended 90-day period, while almost three-quarters of businesses are allowing root user activities.

A combination of these two security malpractices means that hackers would potentially be able to find highly sensitive information much easier than if businesses employed best practice to their cloud security.

RedLock thinks this kind of attack will increase in intensity in the coming months, making it vital businesses monitor their cloud environments for any potential holes.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020