Tesla Cloud Environment Hacked to Mine Crypto-Currencies
According to the security research firm RedLock, Hackers have hacked the Tesla’s Cloud environment and other confidential computer resources in order to mine the crypto-currencies.
According to the RedLock reports that were released on Tuesday, there were some cloud security threats. CSI team notified Telsa of the vulnerability. The CSI team found some logins without password protection in the open-source systems of this large electric vehicle company. The vulnerability allowed the attackers to enter the cloud environment of the company RedLock confirmed.
Just after the reports of this big hack one of the Tesla spokespersons confirmed that there was no harm to the customer database or to their privacy related to their vehicles. He also said that ““We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” a Tesla spokesperson told Gizmodo in an email. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
According to RedLock, Tesla is more concerned about mining crypto-currencies than the data it stores on its servers. “The recent rise of cryptocurrencies is making it far more lucrative for cybercriminals to steal organizations’ compute power rather than their data,” RedLock CTO Gaurav Kumar told Gizmodo. “In particular, organizations’ public cloud environments are ideal targets due to the lack of effective cloud threat defense programs. In the past few months alone, we have uncovered a number of cryptojacking incidents including the one affecting Tesla.”
Kumar said that the hackers exploit the stratum mining protocol and evaded detection by hiding the real IP address of the mining pool behind CloudFlare and keeping CPU usage low, among other tactics.
“Given the immaturity of cloud security programs today, we anticipate this type of cybercrime to increase in scale and velocity,” Kumar said. “Organizations need to proactively monitor their public cloud environments for risky resource configurations, signs of account compromise, and suspicious network traffic just as they do for their on-premise environments.”