Hackers target cryptocurrency via Tesla’s public cloud: don’t mine our business – mind your own business!

By Cameron Abbott and Samantha Tyrrell

Not even Tesla is immune to digital security breaches according to a recent report published by RedLock. The cloud security firm discovered that intruders were able to access and exploit Tesla’s public cloud system to mine cryptocurrencies, a scheme – which due to its surge in popularity – is now better known as cryptojacking. A recent string of similar incidents has demonstrated that hackers are shifting their focus away from siphoning data to siphoning cloud resources instead.

The hackers were able to infiltrate Tesla’s Amazon Web Services (AWS) cloud system via its Kubernetes console (an open source system developed by Google for use by companies to deploy and manage cloud-based applications). RedLock’s Cloud Security Intelligence team said that the console lacked password protection which enabled the hackers to commandeer the AWS compute resources and run scripts to mine the digital coins. The hackers used sophisticated malware which made it more difficult for Tesla to detect and shut down the breach.

While the focus of this hack might have been on digging for cryptocurrency, by gaining access to Tesla’s AWS system the hackers also had access to some sensitive data – including telemetry, mapping, and vehicle servicing data. Luckily for Tesla, its investigation into the matter found no indication that customer privacy or vehicle safety was compromised in any way; cryptojacking was clearly more valuable an exercise.

In order to protect their data, businesses need to consider the security of their cloud systems rather than simply relying on their cloud service providers as a cover-all. Much like a Tesla Roadster, the legal consequences stemming from a hack such as this have the potential to go from 0 to 100 in the blink of an eye.

Copyright © 2018, K&L Gates LLP. All Rights Reserved.