Even Tesla, one of the world’s most innovative and technologically advanced companies, isn’t immune to cyber attacks.
According security researchers at RedLock, unidentified hackers were able to break into Tesla’s Amazon cloud account and use it to run currency-mining malware. The scheme, known as cryptojacking, occurs when a hacker infiltrates a victim’s computer so they can utilize its processing power to mine for cryptocurrency like Bitcoin.
RedLock reports the intruders were able to access Tesla’s Kubernetes console without the use of a password. The breach also allowed the hackers to view the carmaker’s private data contained in Amazon’s S3 service; however, Tesla insists the hack did not compromise customer safety or privacy.
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” a Tesla spokesperson told Fortune. “The impact seems to be limited to internally used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
Rather than use a public “mining pool,” the hacker(s) installed cryptocurrency mining software and configured it to connect to an “unlisted” or semi-public destination rather than known mining pools. The hackers also hid the true IP address of the mining pool server behind CloudFlare (a free content delivery network service), and decreased the amount of CPU resources to evade detection. Because of these clever tactics, researchers are not sure how long the hackers had access to Tesla’s account.