IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Tesla's cloud hacked to mine cryptocurrencies

RedLock told Tesla about the security hole so it could be rectified

bitcoin miner

RedLock has revealed its security hackers broke into Tesla's cloud and stole the resources they needed to mine cryptocurrency because the car giant hadn't secured its open source systems.

The security researcher revealed the findings in its Cloud Security Trends report, saying that attacks to mine cryptocurrency are on the rise, but many of the incidents are able to happen because of poor "user and API access hygiene."

In addition, businesses aren't monitoring their entire cloud infrastructure, meaning when an attack does happen, it often goes unnoticed until it's too late.

RedLock did advise Tesla that it was able to access the credentials it needed to break into Tesla's AWS environment. Upon further investigation, researchers at the security firm were able to access an Amazon S3 bucket, which stored sensitive data such as telemetry.

"We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it," a Tesla spokesperson told Gizmodo.

"The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."

However, the incident spurred RedLock to look into access key hygiene and it discovered that 40 percent of access keys have not been rotated in the recommended 90-day period, while almost three-quarters of businesses are allowing root user activities.

A combination of these two security malpractices means that hackers would potentially be able to find highly sensitive information much easier than if businesses employed best practice to their cloud security.

RedLock thinks this kind of attack will increase in intensity in the coming months, making it vital businesses monitor their cloud environments for any potential holes.

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Recommended

Cloud security market to hit $106 billion by 2029
cloud computing

Cloud security market to hit $106 billion by 2029

11 Apr 2022

Most Popular

What's powering Britain’s fibre broadband boom?
Network & Internet

What's powering Britain’s fibre broadband boom?

3 Feb 2023
Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
Windows 10 users locked out of devices by unskippable Microsoft 365 advert
bugs

Windows 10 users locked out of devices by unskippable Microsoft 365 advert

3 Feb 2023