Click to Skip Ad
Closing in...

Hackers used Tesla’s cloud to mine cryptocurrency

Published Feb 20th, 2018 5:42PM EST
Tesla Cryptojacking
Image: Ena/AP/REX/Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

With the cryptocurrency craze still in full swing, the frequency of crypto-related crimes has exploded in recent months. Just last week, for example, a 24-year old Chicago man was arrested amid charges that he stole $2 million in Bitcoin and Litecoin from his employer. Aside from old-fashioned theft, the cryptocurrency craze has also led to a greater incidence of cryptojacking, an activity where malicious actors secretly siphon an unsuspecting user’s computing resources in order to mine cryptocurrency.

While most cryptojacking incidents tend to involve PCs or mobile devices, cryptojackers are seemingly set on expanding their horizons. To this point, a new security report from RedLock reveals that cryptojackers recently leveraged Tesla’s public cloud for cryptocurrency mining purposes.

“The hackers had infiltrated Tesla’s Kubernetes console which was not password protected,” the report reads. “Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.”

Interestingly, the report adds that the cryptojackers employed some “sophisticated evasion measures” as to keep their illicit activity from attracting any attention. Citing one quick example, the mining software used in this particular case was reportedly fine tuned as to keep CPU usage within a normal range, thereby improving the odds that no one would notice any unusual activity.

Upon discovering the incident, RedLock alerted Tesla whereupon the issue was promptly fixed.

In a statement on the matter provided to Engadget, Tesla explains:

We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.

Yoni Heisler Contributing Writer

Yoni Heisler has been writing about Apple and the tech industry at large with over 15 years of experience. A life long expert Mac user and Apple expert, his writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and TUAW.

When not analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions.