
Hackers hijack Tesla’s cloud for cryptocurrency mining


Tesla’s Amazon Web Services (AWS) cloud system has been compromised by hackers, who exploited the cloud’s CPU to mine cryptocurrency.

The AWS breach, which affected a number of companies in addition to Tesla, was detected by cloud cybersecurity company RedLock.

According to RedLock, the attackers were able to infiltrate Tesla’s Kubernetes admin console, which was not password protected, leaving it exposed. Kubernetes is an open-source platform which automates the management of small programmes on which apps are run.

Within one Kubernetes pod, the attackers acquired access credentials for Tesla’s AWS cloud, which contained sensitive information, such as telemetric data. The hackers then ran a cryptocurrency mining programme using the cloud’s CPU.

RedLock has not stated which particular cryptocurrency was mined, or how much, during the breach.

Cryptocurrency mining is the process of solving complex cryptographic problems in order to validate cryptocurrency transactions and add them to a public ledger: a blockchain. Cryptocurrency miners use colossal amounts of CPU – and hence electricity – to solve these problems and are then rewarded for their efforts with tokens of newly issued cryptocurrency.

“The skyrocketing value of cryptocurrencies is prompting hackers to shift their focus from stealing data to stealing computer power in organisations’ public cloud environments,” RedLock wrote in a blog post.

Tesla was not the only victim of this attack, RedLock reported. A number of other companies – including Aviva and Gemalto – were also affected by the exploitation of unprotected Kubernetes consoles.

However, the hackers’ approach to breaching Tesla’s AWS system was more sophisticated than that used against the other companies: the hackers installed mining pool software rather than using a public mining pool, configured the script to connect to an ‘unlisted’ endpoint, kept CPU use low and used CloudFlare to hide the true IP address of the mining pool server.

Tesla fixed the breach hours after it was flagged up by RedLock and has stated that it has not seen any impact on customer data protection or safety and security of its vehicles thus far. It said in a statement to CNBC that it seemed only to affect internally used test cars.

Since the Coinhive cryptocurrency mining script was released in September 2017, similar scripts have rapidly spread across the internet. Coinhive was found to be affecting 2.2 per cent of the Alexa top 100,000 websites less than a month after its launch. The script has spread to government websites around the world and even YouTube, using Google’s DoubleClick ad delivery system.
