Amazon Cloud Services Hacked to Mine Cryptocurrency

Tesla, the manufacturer of popular electric vehicles and an even more popular orbiting Roadster, recently announced that its Amazon Web Services account was hacked and used to mine cryptocurrency.  The company was first informed of the breach by cybersecurity firm RedLock, who found the compromise while simply surveying Tesla's platform for vulnerabilities as part of Tesla's bug bounty program (RedLock was compensated for their find).  The breach was sourced to a simple IT administrative console that didn't have a password, though Tesla has not been able to determine who was behind the attack or how much cryptocurrency was mined.  Tesla was able to remedy the vulnerability and stop the attack within hours of being notified by RedLock.

Amazon Web Services is the popular cloud storage division of the online retailer, and it is one of the company's most profitable services.  However, its accounts have become vulnerable to hacking for the purpose of "cryptojacking", a practice in which hackers use the system to mine cryprtocurrency.  Mining cryptocurrency has become more and more lucrative recently.

Tesla vehicles are known for being ultra-connected to the company's home servers, so what does this security breach mean for the vehicle owners and their safety?  Fortunately, not very much.  It appears that the breach was limited to Tesla company data only, such as data relating to the company test cars.  However, some of Tesla's proprietary data relating to mapping, telemetry, and vehicle servicing was compromised and could fall into the hands of competitors.  Additionally, the breach highlights a common concern of autonomous driving systems (a mild form of which Tesla offers in its Autopilot) - the fact that the computers controlling vehicles can be compromised and give unsafe or incorrect commands to vehicles.

As is always the mantra when it comes to data security, secure, secure, secure, and secure some more.  Hackers are becoming more creative and aggressive in their attacks and even end users can take simple steps to help thwart data loss.

This article was based on a February 20, 2018 Business Insider article by Mark Matousek.

File To
Archived
File To
Current News