Tesla Cryptojacked For Cryptocoins, But No Worries
Tesla's computing power in the cloud was infiltrated and used by a hacker to mine cryptocurrency. Cryptojacking is the process in which an attacker gains entry into a computer system and implants a cryptocurrency miner. The attacker then uses the machine's processing power to generate cryptocurrency – like Bitcoin, but more likely Ethereum-based coins like Monero.
According to the security team at RedLock, Tesla's systems were infiltrated through their Kubernetes console, which apparently had little to no security right out of the gate. From there, the hackers were able to read the contents of Tesla's Kubernetes pods, where they found login credentials for Tesla's AWS (Amazon Web Services) account. With those credentials they reached Tesla's Amazon S3 (Simple Storage Service) buckets, which held even more sensitive data.
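The chain described above starts with credentials sitting in plain text inside pod definitions, which anyone who can read the pod spec (through an open console or the API) can lift. The following scanner is an added example, not code from the article or from RedLock or Tesla: it walks the JSON that `kubectl get pods -o json` produces, flags environment variables whose literal value looks like an AWS access key ID, and flags secret-sounding variable names that carry a literal value instead of a reference to a Kubernetes Secret. The pod list, namespace names and key values below are constructed for the demo; the access key ID is a fake placeholder.

```python
import json
import re

# Constructed sample of a `kubectl get pods -o json` response, trimmed to the
# fields this scanner reads. Credential values are fake placeholders.
SAMPLE_POD_LIST = json.dumps({
    "items": [
        {
            "metadata": {"name": "telemetry-worker", "namespace": "default"},
            "spec": {"containers": [{
                "name": "worker",
                "env": [
                    # Static AWS keys pasted straight into the pod spec: anyone
                    # who can read pods can read these.
                    {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLEEXAMPLE01"},
                    {"name": "AWS_SECRET_ACCESS_KEY",
                     "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
                    {"name": "LOG_LEVEL", "value": "info"},
                ],
            }]},
        },
        {
            "metadata": {"name": "api", "namespace": "prod"},
            "spec": {"containers": [{
                "name": "api",
                "env": [
                    # Referenced from a Secret object rather than inlined.
                    {"name": "AWS_SECRET_ACCESS_KEY",
                     "valueFrom": {"secretKeyRef": {"name": "aws-creds", "key": "secret"}}},
                ],
            }]},
        },
    ]
})

# AWS access key IDs are "AKIA" followed by 16 upper-case alphanumerics.
AWS_KEY_ID_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Variable names that usually carry a credential.
SECRET_NAME_RE = re.compile(r"(SECRET|PASSWORD|PASSWD|TOKEN|ACCESS_KEY)", re.IGNORECASE)


def scan_pod_list(pod_list_json):
    """Return (namespace/pod, container, env var, finding) tuples for every
    environment variable that carries a credential as a literal value."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod.get("metadata", {})
        ref = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        spec = pod.get("spec", {})
        for container in spec.get("containers", []) + spec.get("initContainers", []):
            for env in container.get("env", []):
                value = env.get("value")
                if value is None:
                    # valueFrom (secretKeyRef, configMapKeyRef, ...) is not a
                    # literal in the spec, so it is out of scope for this check.
                    continue
                name = env.get("name", "")
                if AWS_KEY_ID_RE.search(value):
                    findings.append((ref, container["name"], name, "aws-access-key-id"))
                elif SECRET_NAME_RE.search(name):
                    findings.append((ref, container["name"], name, "plaintext-secret-value"))
    return findings


if __name__ == "__main__":
    for ref, container, name, kind in scan_pod_list(SAMPLE_POD_LIST):
        print(f"{ref} container={container} env={name}: {kind}")
```

The scanner only catches literals in the pod spec. A value pulled in through secretKeyRef is still readable to anyone with read access to Secrets in that namespace and to anyone who can exec into the running container, so the more durable fix is to stop issuing long-lived static AWS keys to workloads at all and to keep the Kubernetes console and API behind authentication.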
According to Tesla, no especially important data was compromised. In a statement sent to the press this afternoon, Tesla addresses the security breach but not the cryptomining that followed it.
"We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way." – Tesla
Apparently the flaw is fixed, and was fixed very soon after it was discovered. The folks at RedLock reported their findings to Tesla immediately upon discovery, and all was fixed "quickly."
The hackers kept CPU usage low, probably to avoid detection. The mining software used a "non-standard port," which apparently made it hard to detect by watching port traffic. The hackers did not use a public mining pool, which would have yielded the most cryptocurrency, and instead mined alone – slower, but here it makes the end user much harder to track.
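Because the miner here ran at low CPU and on a port nobody was watching, a detection that keys on CPU thresholds or well-known mining ports misses it. What survives the evasion is the shape of the session: a miner holds one connection to an external host open for hours, exchanging small, roughly symmetric messages, which looks nothing like a short, download-heavy HTTPS request. The following detector is an added example (not from the article, RedLock or Tesla) that scores constructed flow records on that shape. The flow records, host names and IP addresses are made up for the demo (the external addresses are documentation ranges), and only RFC1918 ranges are treated as internal; adjust that list for a real network.

```python
import ipaddress
from dataclasses import dataclass

# Constructed flow records in the style of a per-connection summary from a
# network sensor. None of these hosts or addresses are real.
@dataclass(frozen=True)
class Flow:
    src: str          # pod or host that opened the connection
    dst_ip: str
    dst_port: int
    duration_s: int   # how long the session stayed open
    bytes_out: int
    bytes_in: int
    pkts: int

SAMPLE_FLOWS = [
    Flow("worker-1", "203.0.113.10", 443, 2, 4000, 120000, 120),          # short HTTPS download
    Flow("worker-1", "203.0.113.10", 443, 1, 3500, 90000, 95),
    Flow("worker-1", "198.51.100.7", 14433, 86400, 900000, 850000, 40000),  # day-long, chatty, unusual port
    Flow("worker-2", "203.0.113.20", 443, 3, 5000, 200000, 150),
    Flow("worker-2", "198.51.100.7", 8443, 7200, 60000, 64000, 3000),      # long-lived, low volume, symmetric
    Flow("db-1", "10.0.0.5", 5432, 86400, 5000000, 90000000, 300000),      # internal database session
]

# Only RFC1918 space counts as internal in this example; is_private() would
# also swallow the documentation ranges used for the fake external hosts.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def looks_like_mining_session(flow, min_duration_s=3600, max_avg_pkt_bytes=200):
    """True when a flow has the profile of a persistent miner-to-pool session:
    external destination, open for at least an hour, small average packets,
    and traffic that is roughly symmetric rather than download-heavy.
    The port number is deliberately not part of the decision."""
    if is_internal(flow.dst_ip):
        return False
    if flow.duration_s < min_duration_s or flow.pkts == 0:
        return False
    avg_pkt = (flow.bytes_out + flow.bytes_in) / flow.pkts
    if avg_pkt > max_avg_pkt_bytes:
        return False
    if flow.bytes_in == 0 or flow.bytes_out == 0:
        return False
    ratio = flow.bytes_out / flow.bytes_in
    return 0.5 <= ratio <= 2.0


def find_suspect_sessions(flows):
    """Return (source, destination IP, destination port) for every flow that
    matches the mining-session profile, in input order."""
    return [(f.src, f.dst_ip, f.dst_port) for f in flows if looks_like_mining_session(f)]


if __name__ == "__main__":
    for src, dst, port in find_suspect_sessions(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{port} looks like a persistent mining session")
```

In practice this heuristic is a triage filter, not a verdict: long-lived symmetric sessions also describe some legitimate messaging and VPN traffic, so the hits should be joined with process and egress-policy context before anyone acts on them. Egress allow-listing from pods removes most of the ambiguity, since a miner that cannot reach an external pool produces nothing.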
The hackers also used a service you may have heard of: CloudFlare. By routing the mining traffic through CloudFlare, the hackers hid their own IP address behind the CDN's (content delivery network) on-demand IP addresses. This, too, makes the hackers difficult to track. While this instance wasn't particularly damaging, future ones very well might be.