Hackers hijack Tesla's Amazon cloud account to mine crypto-currency

21 Feb 2018

An unidentified hacker or hackers gained access to a Tesla-owned Amazon cloud account and used it to ''mine'' cryptocurrency, according to security researchers.

Researchers who work for RedLock, a 3-year old cybersecurity startupuncovered the intrusion last month when they were trying to determine which organisation left credentials for an Amazon Web Services (AWS) account open to the public internet. They added, the owner of the account turned out to be Tesla.

''We weren't the first to get to it,'' Varun Badhwar, CEO and cofounder of RedLock, told Fortune on a call. ''Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment.''

According to commentators, this comes as the latest in a string of so-called cryptojacking attacks, which involve thieves hijacking unsuspecting victims' computers to generate virtual currencies like Bitcoin. The schemes have gained popularity with skyrocketing crypto-currency prices.

Earlier this month, websites for the US federal court system and the UK's National Health Service roped their visitors into similar virtual money-minting operations.

RedLocks' researchers say they found Tesla's credentials on an unsecured IT administrative console that did not have password protection. In specific terms they were on a Kubernetes console, a Google-designed software application that helps techies manage lightweight virtual machines called containers.

Meanwhile, in an email to Gizmodo, a Tesla spokesperson said there is ''no indication'' the breach impacted customer privacy or compromised the security of its vehicles.

''We maintain a bug-bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,'' a Tesla spokesperson told Gizmodo in an email.

''The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.''