Talk about thinking outside the box. Apparently, a group of hackers had the brilliant idea to hack into Tesla’s cloud computing console and turn it into a cryptocurrency miner to their benefit.
The hack was discovered by the CSI team of Redlock, a cloud-based security firm, who found that hackers had targeted Tesla’s Google-based Kubernetes console, which wasn’t even password-protected.
Once they gained access, the hackers proceeded to obtain credentials from Tesla’s Amazon S3 account, along with the private data that was stored within. Additionally, one of the affected pods also had an Amazon S3 bucket that contained telemetry data.
What makes the feat even more impressive is how the hackers evaded detection: they installed the mining pool software at an unlisted destination, and even hid the IP address of the mining pool server behind the Cloudflare CDN. This made it difficult for standard IP and domain-based threat intelligence feeds to detect their activity.
“The mining software was configured to listen on a non-standard port which makes it hard to detect the malicious activity based on port traffic,” Redlock wrote in its blog. “Lastly, the team also observed on Tesla’s Kubernetes dashboard that CPU usage was not very high. The hackers had most likely configured the mining software to keep the usage low to evade detection.”
Redlock has since remedied and rectified the issue. As for Tesla, the company attempted to allay any and all fear about the security compromise by saying that it “maintains a bug bounty program to encourage this type of research,” and that it had “addressed this vulnerability within hours of learning about it.”
Since the meteoric rise in the value of cryptocurrency, cryptojacking has become an increasingly lucrative source of revenue for hackers. Tesla isn’t the first big company to have its cloud servers cryptojacked. According to Redlock, Aviva, a British multinational insurance company, had its cloud system cryptojacked by hackers.
Gemalto, the world’s largest SIM card manufacturer and also a client of Redlock, was another victim whose cloud system was discovered to have been hacked and turned into a cryptocurrency miner.