Tesla is known not just as a car company but as a technology company, as its heavy presence in Amazon AWS makes evident. Hackers recently took advantage of this reliance on cloud infrastructure by gaining access to Tesla’s AWS account and using it to run their own cryptocurrency mining operation.
According to a recent report from RedLock, hackers gained access to a Tesla management console, which lacked password protection, and retrieved AWS API keys that were stored in plain text. Using these API keys, the hackers were able to view sensitive engineering telemetry data, and obtain control over allocating computing resources.
With their access to Tesla’s virtual computing power, the hackers started a covert cryptocurrency mining operation using Tesla’s Kubernetes environment. RedLock did not state what cryptocurrency the attackers chose to mine.
The attackers used techniques to hide their operation, indicating that they knew what they were doing and had likely done it before. For instance:
- They didn’t use public mining pools, which prevented network monitoring tools from detecting suspect connections to known mining pool servers.
- They used custom mining software listening on nonstandard ports, so no firewall could identify the malicious connections by port number.
- The attackers hid their pool address behind Cloudflare, a content delivery network used for many legitimate and some illegitimate purposes.
- The hackers configured their mining software to throttle its CPU usage so that the extra load on the servers wouldn’t be noticeable.
From the report, this looks to be a new variation of hackers hijacking your computer to mine cryptocurrency, though on a much more sophisticated level. It just goes to show that even well-known technology companies can fall victim to these types of attacks.
Luckily for Tesla, nothing beyond the telemetry data was compromised, and the attackers spared them more damaging threats like ransomware. After an investigation, Tesla found that customer privacy was not compromised in this attack. As far as we know, this could easily have gone much worse for the company.
Tesla could have avoided this attack by safeguarding their API keys, by requiring authentication on their management console, and by preventing external access to their internal servers. For example, if you need to reach an internal server from the internet, you should use a VPN to keep that access restricted and secure. In today’s environment, exposing sensitive resources to the internet, even with password protection, is no longer an option. –Trevor Collins
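The root problem above was AWS API keys sitting in plain text where the console exposed them. As an added example (not code from the report or from Tesla), the following Python script scans a Kubernetes pod or workload manifest and flags environment variables that carry AWS credentials as literal values instead of references to a Secret; the manifest, key values and names are constructed for the demonstration.

```python
import re

# Constructed pod manifest (not from the report): the "app" container injects
# AWS credentials as literal env values, the sidecar reads them from a Secret.
SAMPLE_POD = {
    "kind": "Pod",
    "metadata": {"name": "telemetry-collector"},
    "spec": {"containers": [
        {"name": "app", "env": [
            {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLE000000000"},
            {"name": "AWS_SECRET_ACCESS_KEY", "value": "x" * 40},
            {"name": "LOG_LEVEL", "value": "info"},
        ]},
        {"name": "sidecar", "env": [
            {"name": "AWS_ACCESS_KEY_ID",
             "valueFrom": {"secretKeyRef": {"name": "aws-creds", "key": "id"}}},
        ]},
    ]},
}

# Long-term AWS access key IDs start with AKIA (temporary STS ones with ASIA)
# and are 20 uppercase alphanumerics; secret keys are 40 base64-alphabet chars.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
SECRET_KEY_RE = re.compile(r"^[A-Za-z0-9/+=]{40}$")
CREDENTIAL_ENV = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}


def pod_spec(manifest):
    """PodSpec of a Pod, or of a Deployment/Job/etc. that wraps a pod template."""
    if manifest.get("kind") == "Pod":
        return manifest.get("spec", {})
    return manifest.get("spec", {}).get("template", {}).get("spec", {})


def find_plaintext_aws_keys(manifest):
    """Return (workload, container, env var) triples whose literal value is an
    AWS credential; valueFrom references to a Secret are left alone."""
    findings = []
    spec = pod_spec(manifest)
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for env in c.get("env", []):
            value = env.get("value")
            if value is None:  # valueFrom: secretKeyRef/configMapKeyRef/fieldRef
                continue
            name = env.get("name", "")
            secret_shaped = "AWS" in name.upper() and bool(SECRET_KEY_RE.match(value))
            if name in CREDENTIAL_ENV or ACCESS_KEY_RE.search(value) or secret_shaped:
                findings.append((manifest["metadata"]["name"], c["name"], name))
    return findings
```

Run it over `kubectl get pods,deployments -A -o json` output (each item is one manifest) to get an inventory of workloads that still embed long-lived keys; the fix is to move them into a Secret or, better, to an IAM role attached to the node or service account.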