Tesla’s Amazon Cloud hacked by hackers and used it to mine cryptocurrency. The hack was discovered by RedLock a cybersecurity firm.
How did it begin?
Hackers hijacked an IT administrative console that belongs to Tesla which had no password protection. Few scripts were run to begin crypto mining. The researchers of RedLock found that an Amazon Web Service credentials were openly available on the internet. RedLock started to track down the account info and found that it was Tesla.
What’s inside in the cloud?
The account had simple storage service (S3) bucket that held telemetry, mapping, and vehicle servicing data for Tesla. The CEO of RedLock didn’t look into much and alerted Tesla for this flaw on their computer which allowed passwords available over the internet via Highjack.
The hackers were pretty crafty in hiding their tracks. They made sure to lower the CPU usage demanded by the Stratum software they were using for cryptocurrency mining. This allowed the mining to be virtually undetected. The hackers also kept their internet addresses secret by hiding behind the services of a content delivery service, CloudFlare.
RedLock were given $3,133.70 by Tesla as part of the company’s bounty program to reward outside hackers who find flaws in their system.