Tesla's cloud service hacked to mine cryptocurrency

The vulnerability has already been addressed, thankfully.

Andrew Krok Reviews Editor / Cars

Cars are Andrew's jam, as is strawberry. After spending years as a regular ol' car fanatic, he started working his way through the echelons of the automotive industry, starting out as social-media director of a small European-focused garage outside of Chicago. From there, he moved to the editorial side, penning several written features in Total 911 Magazine before becoming a full-time auto writer, first for a local Chicago outlet and then for CNET Cars.

See full bio

Andrew Krok

Feb. 21, 2018 8:03 a.m. PT

2 min read

First, cryptocurrency miners came for my video cards, and I did not speak out, because I wasn't building a PC. Then they came for Tesla's web services, and since that's within my editorial purview... here we are.

Hackers were able to take control of Tesla's cloud system and use it to mine cryptocurrency, according to RedLock, a company specializing in cloud-based security. The news came as part of the firm's "Cloud Security Trends" report, which believes that 8 percent of organizations have fallen prey to the same problem, except most will never notice due to "ineffective network monitoring."

Cryptocurrency : Illustration — Just in case you're not aware, cryptocurrency doesn't actually have a physical form. This is just for illustration purposes, because 1s and 0s make for a less compelling picture.
Chesnot/Getty Images

Here's how it went down. RedLock claims hackers were able to take control of Tesla's Kubernetes cloud optimization system because it wasn't password protected. From there, the scofflaws snagged up the automaker's Amazon Web Services password, which gave them what they needed to install crypto mining software. RedLock also stated that this breach gave hackers access to "non-public Tesla data," but it appears the primary mission was to borrow some processing power to make a bit of digital coin.

Tesla doesn't seem too concerned. "We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it," a Tesla spokesperson said in an emailed statement. "The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."

"Cryptojacking," as it's called, is a cause for concern as it can eat up valuable resources in the name of making somebody else some money. Digital currency like Bitcoin is created through a process called mining, where computers solve complex math and are rewarded with said digital currency.

The problem isn't limited to hackers attempting to gain access to specific systems. Some malicious ads on the internet are loaded with JavaScript files that can take advantage of an unwitting person's CPU power to help mine cryptocurrency. CNET has a whole how-to dedicated to ensuring your electrons aren't fattening someone else's digital wallet.

Tesla's Model 3 simplifies the EV

+51 More

See all photos

Find the right car for you View Local Inventory