Saturday, 15 December, 2018

Cryptocurrency Miner Infiltrates a Tesla Cloud Server

Nellie Chapman | 21 February, 2018, 07:16

From there, hackers found names and passwords for Tesla's AWS (Amazon Web Services) environment, inside which they found Amazon S3 (Amazon Simple Storage Service) buckets with even more sensitive data inside. The researchers also found the hackers used "sophisticated evasion measures" to go undetected.

The hackers employed cryptocurrency mining software called Stratum, but the researchers said they were uncertain of the type and amount of virtual loot mined.

The rise in popularity of cryptocurrencies lately has come with several instances of widespread hacking efforts to hijack computing power in order to mine cryptocurrencies, which is sometimes referred to as "cryptojacking".

The Tesla findings build on research from the previous year, when the CSI team found that hundreds of Kubernetes administration consoles were accessible over the internet without password protection and were leaking credentials to other critical applications.

They also put the IP address used by their unlisted mining pool server behind the CloudFlare reverse proxy, and communicated with it via a non-standard network port to further evade detection. "Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment".

Lastly, the attackers didn't try to abuse the available CPU resources of Tesla's systems, because that would have raised suspicions. The hackers had most likely configured the mining software to keep the usage low to evade detection. The nefarious network activity was going completely unnoticed. The scheme wasn't hard to pull off since Tesla failed to password-protect one of its company IT platforms, Kubernetes. The folks at RedLock reported their findings to Tesla immediately upon their discovery, and all was fixed "quickly".
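Because the pool sat behind a reverse proxy on a non-standard port and CPU usage was kept low, checks keyed on destination IP, port or load would miss this activity, while the Stratum message format itself stays recognizable. The following is an added example, not code from the article or from RedLock: it inspects client payloads for Stratum JSON-RPC calls, and it assumes cleartext payloads are available per flow. The flow record layout, addresses and payloads are constructed for illustration.

```python
import json

# Handshake/share methods of the Bitcoin-style Stratum dialect.
BTC_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}

def stratum_method(line: bytes):
    """Return the Stratum method in one JSON-RPC line, or None."""
    try:
        msg = json.loads(line)
    except ValueError:  # not JSON, truncated, or undecodable bytes
        return None
    if not isinstance(msg, dict) or not isinstance(msg.get("method"), str):
        return None
    method, params = msg["method"], msg.get("params")
    if method in BTC_METHODS:
        return method
    # Monero-style dialect: "login" with a params object holding login/pass.
    if (method == "login" and isinstance(params, dict)
            and params.keys() >= {"login", "pass"}):
        return method
    return None

def flag_miner_flows(flows):
    """Flag flows whose client payload speaks Stratum, whatever the port or IP."""
    hits = []
    for flow in flows:
        lines = flow["payload"].splitlines()
        methods = [m for m in map(stratum_method, lines) if m]
        if methods:
            hits.append((flow["src"], flow["dst"], flow["dport"], methods))
    return hits

# Constructed sample flows: documentation-range addresses, invented payloads.
SAMPLE_FLOWS = [
    {"src": "10.0.3.17", "dst": "203.0.113.10", "dport": 443,
     "payload": b"GET /healthz HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"src": "10.0.3.22", "dst": "198.51.100.7", "dport": 8443,
     "payload": b'{"id":1,"method":"mining.subscribe","params":["agent/1.0"]}\n'
                b'{"id":2,"method":"mining.authorize","params":["worker","x"]}\n'},
    {"src": "10.0.3.22", "dst": "198.51.100.7", "dport": 8443,
     "payload": b'{"id":1,"jsonrpc":"2.0","method":"login",'
                b'"params":{"login":"WALLET","pass":"x","agent":"a/1"}}\n'},
    {"src": "10.0.3.30", "dst": "192.0.2.5", "dport": 9000,
     "payload": b'{"jsonrpc":"2.0","method":"login","params":["user"]}\n{"trunc'},
]

if __name__ == "__main__":
    for hit in flag_miner_flows(SAMPLE_FLOWS):
        print(hit)
```

If the pool connection is wrapped in TLS, the payload is opaque on the wire and this check has to run where cleartext is visible, such as on the host.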

Be on Guard for Suspicious User Behavior - When Uber was breached, the company's access credentials found their way around the internet, but the company didn't take note of the odd behavior hitting its system.

RedLock's report comes at a time when cryptojacking heists are increasing as the value of cryptocurrency grows.

At issue was Tesla's Kubernetes administrative console, which exposed access credentials to Tesla's AWS environment. However, a Tesla representative said that "the impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way".

In an email, the automaker said the company addressed the vulnerability within hours of learning about it.

"Organizations' public cloud environments are ideal targets due to the lack of effective cloud threat defense programs", he explained to Gizmodo.