2/21/2018

Tesla Kubernetes Servers Hacked


Tesla Kubernetes Servers Hacked, Infected with Cryptocurrency Miner Malware 

Cloud security firm RedLock found that Tesla's internal cloud servers had been hacked and that cryptocurrency-mining malware had been installed on servers used by the company's engineers. The incident reportedly took place last year, when hackers gained unauthorized access to Tesla's Kubernetes server. Kubernetes is an open-source application that many companies use to manage API and server infrastructure deployed on cloud hosting providers.

RedLock's experts revealed that the hackers breached a pod on the Kubernetes server that stored login details for one of Tesla's AWS cloud environments. The AWS buckets store sensitive data such as telemetry, but a spokesperson for Tesla Motors said in an email to Bleeping Computer that the data came from the company's internally used engineering test cars. There was no proof that the hackers stole any data, but they did go to the effort of installing a mining application that drew on the extensive computational resources of Tesla's internal servers to mine the Monero cryptocurrency.

Tesla was notified of the incident and secured the server immediately. According to RedLock, the incident occurred because Tesla engineers had neglected to protect the Kubernetes console with an access password. Tesla officials were quoted as saying that they maintain a bug bounty program to encourage this type of research, and that they can solve any problem within hours of learning about it. The impact of the breach appears to be restricted to internally used engineering test cars. According to the company's investigation, there was no sign that customer privacy or security had been compromised in any way.

Most interestingly, the hackers made configuration changes to avoid suspicion and detection. Clearly, they knew what they were doing. They broke into the system only to run their illicit mining operation through a private mining pool of their own. They hid the mining pool behind CloudFlare, and the mining software was configured to listen on a non-standard port. As a result of these measures, the hidden mining software used only a small portion of Tesla's AWS CPU resources.

It is clear that the hackers made a considerable amount of money by using a custom mining pool. RedLock has previously found similar exposed servers without a password belonging to Aviva, a British insurance company, and Gemalto, the world's leading SIM card manufacturer.
