According to a recent report published by cybersecurity firm RedLock, hackers managed to hijack a Tesla-owned Amazon cloud account, so they could then use it to mine cryptocurrencies. Per the report, the breach also saw some of Tesla’s proprietary data get exposed.
Researchers reportedly discovered the breach while trying to find out which organization left a Kubernetes console without password protection. It was Tesla, and this exposed its Amazon Web Services (AWS) login credentials. Kubernetes is a Google-developed system whose goal is to optimize cloud applications.
Upon finding the exposed account, the hackers started using the computing power of Tesla’s cloud to mine cryptocurrencies. RedLock didn’t reveal which cryptocurrencies were mined, but privacy-centric coins like Monero and Zcash are usually preferred in these types of attacks.
RedLock co-founder and CEO Varun Badhwar stated:
“We weren’t the first to get to it. Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment.”
The attack was somewhat sophisticated, as the hackers didn’t just try to mine as much as possible in a short amount of time. To avoid detection, they installed mining pool software and configured a script to connect to an “unlisted” destination.
The intruders also masked the address of their mining pool through CloudFlare, and used little processing power to avoid raising any red flags. They deployed mining software known as Stratum.
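Because the miners described above kept processing use low and hid their pool behind CloudFlare at an unlisted destination, alerts based on CPU utilisation or known pool addresses would stay quiet; matching the line-delimited JSON-RPC messages that Stratum clients send is one alternative. The following is an added example, not code from RedLock's report or from Tesla; the flow-record layout, addresses, and function names are assumptions constructed for illustration.

```python
import json

# Stratum JSON-RPC method names exchanged between a miner and a pool.
STRATUM_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit",
    "mining.notify", "mining.set_difficulty",
}

def stratum_methods(payload: bytes) -> list[str]:
    """Return Stratum method names found in a newline-delimited TCP payload."""
    found = []
    for line in payload.split(b"\n"):
        line = line.strip()
        if not line.startswith(b"{"):
            continue  # not a JSON object, e.g. HTTP or binary data
        try:
            msg = json.loads(line)
        except ValueError:  # malformed JSON or undecodable bytes
            continue
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method in STRATUM_METHODS:
            found.append(method)
    return found

def flag_flows(flows):
    """Return (source, destination, methods) for flows carrying Stratum messages.

    The destination address and port are reported but never used for matching,
    so a pool on an unlisted port or behind a CDN is still flagged.
    """
    alerts = []
    for flow in flows:
        methods = stratum_methods(flow["payload"])
        if methods:
            alerts.append((flow["src"], f'{flow["dst"]}:{flow["dport"]}', methods))
    return alerts

# Constructed sample flows (hypothetical record layout, documentation addresses).
SAMPLE_FLOWS = [
    {"src": "10.0.3.17", "dst": "203.0.113.10", "dport": 443,
     "payload": b'{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}\n'
                b'{"id":2,"method":"mining.authorize","params":["worker","x"]}\n'},
    {"src": "10.0.3.18", "dst": "198.51.100.7", "dport": 8080,
     "payload": b"GET /healthz HTTP/1.1\r\nHost: example.internal\r\n\r\n"},
    {"src": "10.0.3.19", "dst": "198.51.100.9", "dport": 9000,
     "payload": b'{"id":7,"method":"status.get","params":[]}\n'},
]

if __name__ == "__main__":
    for alert in flag_flows(SAMPLE_FLOWS):
        print(alert)
```

This only sees cleartext payloads; where the pool connection is wrapped in TLS, the same check has to run on host or container telemetry instead of on network captures.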
The attack could have exposed an Amazon “simple storage service” (S3) bucket holding Tesla’s telemetry, vehicle servicing, and mapping data. Badhwar revealed that his team “didn’t try to dig in too much,” and instead opted to alert Tesla. As such, it isn’t clear how long the hackers had access to Tesla’s cloud.
Tesla rewarded the researchers
Notably, Tesla has a bug bounty program in which it rewards security researchers who find and report potential security breaches. RedLock’s researchers notified Tesla, and were awarded $3,133.70 – referencing “1337” or “leet,” slang for “elite.” Tesla’s bug bounty program has a maximum payout of $10,000.
In an email to Fortune, a Tesla spokesperson revealed that the bounty program is maintained to encourage this type of research. According to the spokesperson, the company started working on the vulnerability mere hours after learning about it.
The spokesperson said:
“The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
This incident is the latest in a string of cryptojacking attacks, in which hackers use other people’s CPU resources to mine cryptocurrencies. As covered by Core Media, even government websites have been compromised. While some websites, breached or not, use people’s CPUs to mine without letting them know, others like Salon give them a choice between seeing ads or mining.