Tesla became the victim of a crypto attack. Using a Kubernetes console, hackers have entered the Tesla cloud system and using the technological equipment’s power they started to mine cryptocurrency.
The announcement was made yesterday, on 20 February 2018 by the cybersecurity software enterprise RedLock. During a few months ago, they found dozens of active Kubernetes consoles without any signature protection. This fact has led to numerous malware attacks.
About the attack, RedLock explained on its official website that “While the attack was similar to the ones at Aviva and Gemalto, there were some notable differences. The hackers had infiltrated Tesla’s Kubernetes console which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.”
In order not to be detected by Tesla cloud system, the attackers installed a less known and powerful mining pool, connecting it to an “unlisted or semi-public endpoint”. This gave them more time to process the proposed activities, being more difficult to be identified.
A spokesperson of Tesla explained that “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way“.
The incident didn’t affect any private information that are stored inside the Tesla’s cloud environment. Instead, they assured the public that will improve their system.