Hackers Mining Cryptocurrency With Tesla Cloud Account
February 21, 2018
RedLock researchers have released a report saying that cloud account of Tesla, American company producing electric cars, was hacked to be used for cryptocurrency mining.
As the report states, the vulnerability was detected last month. The researchers have found out, Tesla turned to be the company that had left its account data insecure at Amazon Web Services as it did not hide them in Kubernetes console which allows for optimizing cloud apps.
Hackers have spotted the account data faster than RedLock so they gained access to Tesla cloud environment. To stay unnoticed they concealed the mining pool IP and did not load the CPUs much. As soon as the experts discovered the unprotected account they reported to the owner so Tesla eliminated the vulnerability almost immediately.
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” the spokesperson said. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way”, as Tesla representative noted.
RedLock researchers state, it was indeed much more beneficial for hackers to mine cryptocurrency with cloud account than hijacking its data. As the company’s report says, 58% of companies that use popular cloud services left their account data with no access restrictions while about 8% of them fell victims of cryptojacking.
Cryptojacking is a new kind of fraud, criminals hijack computing capacities of their victims for the purposes of mining. Given general crypto market growth this variant of fraud has got more widespread last year while its scale is expected to augment on in 2018.