Hackers Hijack Tesla System To Mine Cryptocurrency
Electric vehicle maker Tesla is the latest victim of a new type of cyber attack known as cryptojacking. According to researchers, hackers have hijacked the automaker's cloud system and using the stolen computing power to illegally mine cryptocurrency.
According to cloud monitoring and defense firm RedLock, some of the automaker's Amazon Web Services cloud infrastructure was compromised with mining malware in a far-reaching and well-hidden cryptojacking campaign. After disclosing their findings last month, the company quickly took action to decontaminate their cloud platform within a day.
The automaker's own investigation revealed that the exposure was minimal. They also did not see any initial impact on customer data protection or the safety and security of its vehicles.
"We addressed this vulnerability within hours of learning about it," a spokesperson from the company said. "The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."
But while the effects of the hijacking weren't too concerning, it does highlight ways in which cryptojacking can pose a broad security threat, in addition to racking up the electric bill.
According to Redlock chief technology officer Gaurav Kumar, the Tesla attackers were running their own mining server making it hard for them to on malware-scanner blacklists. The malware also communicated with the attacker's server in an unusual IP port preventing scanners to detect it as malicious.
While the time and energy expended by the attackers prove that first-line defensive efforts are working it did not prevent them from gaining access. Worse, they were able to mine cryptocurrencies for a time meaning that their efforts were promptly rewarded, incentivizing them to carry out similar attacks on other companies, preferably those with fewer security resources as Tesla.
The RedLock researchers submitted their findings through Elon Musk-led company's bug bounty program. They were awarded a $3,000 reward which they donated to charity.