By James Rogers, ,
Published February 22, 2018
Tesla has become the latest target of hackers attempting to “mine” cryptocurrency, according to cloud security company RedLock.
RedLock reports that hackers gained access to Tesla compute resources to carry out so-called “cryptojacking,” where computers are hijacked to mine cryptocurrencies. The mining process involves making compute power available to authenticate, for example, bitcoin transactions. The “miners” then receive a financial reward for making the systems available. Digital Trends has compared the mining process to being “a bitcoin bank teller.”
While individuals can opt to use their own PCs to mine cryptocurrency via specialist software, hackers have also been surreptitiously hijacking computers to steal compute power for the same purpose. They then reap the financial benefits of the cryptocurrency mining.
By stealing compute resources, hackers avoid the energy costs of powering the systems that are doing the work.
The Tesla intrusion involved accessing a cloud system, according to RedLock. “In this case the hackers not only gained unauthorized access to non-public Tesla data, but were also stealing compute resources within Tesla’s Amazon Web Services (AWS) environment for cryptojacking,” RedLock said, in a statement. “The researchers immediately informed Tesla of its findings, and the vulnerabilities have already been addressed.”
Specifically, the hackers gained access to an administrative console on an open source software used by Tesla to manage applications. This was then used to expose access credentials to the company’s AWS cloud, which in turn gave access to non-public Tesla information stored on Amazon’s Simple Storage Service (S3).
The Elon Musk-led technology company told Fox News that hackers only gained access to a limited amount of data.
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” explained Tesla, in a statement emailed to Fox News. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
Cryptojacking is increasingly in the news. Hackers, for example, recently “invaded” ads on YouTube to mine cryptocurrency, according to PCMag, stealing compute power via victims’ browsers. Other recent cryptojacking targets include a host of U.K. government websites and USCourts.gov, PCMag reports.
In a recent report, anti-malware software firm Malwarebytes noted a massive increase in the malicious use of so-called “cryptominers” in 2017. “Driven by the cryptocurrency craze, bad actors have started utilizing cryptomining tools for their own profit, using victim’s personal computers in the process,” it explained, in a statement. “This includes a significant increase of miners through compromised websites, malicious spam, exploit kit drops and adware bundlers.
Malwarebytes blocked an average of 8 million “drive-by mining” attempts per day in September 2017, it said.
Marcin Kleczynski, the Malwarebytes CEO, told Fox News that consumers may not even know that their PC power is being harvested to mine cryptocurrency such as bitcoins. “But if you look at your computer, your resources are spiking,” he said.
Follow James Rogers on Twitter @jamesjrogers