In a recent turn of events, Tesla’s Amazon cloud account was taken apart by hackers and was used for mining cryptocurrency. This report was confirmed by the researcher’s team of cybersecurity firm RedLock.
What Actually Happened?
According to the reports published on Tuesday about cloud security threats, the Redlock’s Cloud Security Intelligence (CSI) team informed Tesla of the attack and intrusion. The electric machinery manufacturer was operating numerous open-source systems without using password protection. This hole in the loop allowed hackers to gain access to the company’s cryptocurrency.
The hackers used Kubernetes console that is a Google designed software. Hackers coded a script that helped them to mine the cryptocurrency. Additional reports also mentioned that attackers tried to expose the storage service that contained the data for Tesla telemetry, vehicle servicing and mapping.
The firm RedLock exposed the breach previous month while they were searching for the organization that left identifications for Amazon Web Services (AWS) and account open for public network.
In a recent interview Varun Badhwar, CEO and Cofounder of RedLock said “We weren’t the first to get it. Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla atmosphere. It didn’t have personally identifiable information, per se”. He also stated that his team “didn’t try to dig in too much” in fact they immediately opted to inform Tesla to find out about the unsafe data.
Also Read: An Insight Into Whaling Attack
What Did Tesla Have to Say?
Whereas, when asked to Tesla, one of the spokesperson wrote “We maintain a bug bounty program to encourage this type of research. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way”.
As we know, Tesla CEO Elon Musk on one side is talking about traveling with humans to Mars and on the other side he couldn’t do anything about the incident. This means that Tesla is under threat by the hackers. If this is possible, then Tesla might want to take a look at the security measurements taken. Tesla also manufactures lethal weapons such as the much talked about ‘Flamethrower’ and several other technologies that could be weaponized if they fall in wrong hands.
What Measures did Tesla take after the Incident?
Tesla confirmed about the incident and paid a bounty to RedLock, the cybersecurity firm who took measures to stop future attacks. Nevertheless, it is certainly damage control as not even a company like Tesla can escape the clutches of cyber-attacks.
Tesla faced the same incident in 2015, where the hackers dug into their open source browser and gained full access to the Tesla S car’s head unit.
Also Read: Crypto-Mining: Latest Muse Of Cyber Attackers
If Tesla can get hacked. How safe are we?
Instead, there are many open source clouds worldwide that have data of millions of people without password protection. Question arises here that “Is the data over cloud safe? Or we are living in a world where our data is always at risk?” We can only hope that this isn’t the sad reality and cybersecurity companies and agencies put an end to this menace.