Tesla Gets Hacked, Again! This Time it's Cryptojackers

Tesla, the popular electric car company, has fallen into the hands of hackers yet again. This time by cryptojackers.

This discovery was announced by RedLock Cloud Security Intelligence (CSI) team yesterday. A few months ago, the RedLock team found hundreds of Kubernetes administration consoles that could be accessed over the internet without any password protection. Among those affected include large companies like Aviva, a British insurance company, and Gemalto, the world's largest manufacturer of SIM cards. It was found that attackers gained access to public cloud instances and used them to perform cryptocurrency mining.

How Tesla Got Attacked by Cryptojackers

There have been numerous instances of cyber attacks in connected cars affecting models like the Ford Fusion, Toyota Prius, and even the Tesla Model X.

In this particular case, attackers had access to Tesla's Kubernetes console which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.

 

Tesla AWS Exposed Credentials Source Tesla AWS Exposed Credentials Source: RedLock

 

The attackers performed cryptojacking to use Tesla's cloud compute resources to perform crypto mining. The attackers used intelligent mechanisms to go unnoticed. First, they did not use a well-known public mining pool. Additionally, they used CloudFlare to hide real IP addresses. The attackers also ensured that the CPU usage wasn't very high thus ensuring that it doesn't raise any eyebrows.

The issue was reported to Tesla and has hence been fixed.

How to Prevent Such Compromises

One of the major reasons why such situations arise is because of poor user and API access controls. Along with that, many companies lack visibility and effective monitoring systems that give a holistic view of any such incident. A large number of businesses are still a long way away from even basic compliance. The General Data Policy Regulation (GDPR) goes into effect in a few months, but the analysis shows that 66% of databases are not encrypted.

A large number of organizations that Appknox works with also initially believed that cloud service providers like Amazon, Microsoft, and Google take care of security for them. It is interesting to know that no major breach has been caused by a negligence on the side of the cloud service providers, rather it is the result of actions of the organizations using them.

Some things that businesses should necessarily take care of include:

1) Manage and monitor configurations: As an organization, you should always monitor for any risky configuration. Many security automation tools can help companies get more intelligence in this area.

2) Monitor traffic: Companies can and should monitor traffic and co-relate it with configuration data to detect suspicious activities.

3)Use a multi-level approach: Companies should always try and build a multi-level approach to security. The reality is that there is no such thing as 100% secure. End of the day, as an organization you should have the ability to detect and resolve a situation in such a way that it causes the least possible damage.

Trial

 

Published on Feb 22, 2018
Subho Halder
Written by Subho Halder
Subho Halder is the CISO and Co-Founder of Appknox. He started his career researching Mobile Security. Currently, he helps businesses to detect and fix security vulnerabilities. He has also detected critical loopholes in companies like Google, Facebook, Apple, and others

Questions?

Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now