Hackers mined cryptocurrency by using Tesla's Cloud system

in #cryptojacking7 years ago

images.png

You guys probably only heard this news.

But let me tell you in details.

The news mainly came from the Researchers.
According to them, Tesla's cloud system was hijacked by hackers earlier. They used it to mine
a cryptocurrency, but not sure which cryptocurrency it was.

unnamed (1).png

Cybersecurity firm RedLock* said few days ago that,

  • The automaker's Kubernetes administration console was not password protected. That's why These Hackers were able to infiltrate it.

Kubernetes is a Google-designed system aimed at optimizing cloud applications.

This left access credentials for Tesla's Amazon Web Services (AWS) account exposed.
Thus the hackers used a cryptocurrency mining software called Stratum to mine cryptocurrency usung the cloud's GPU.

These GPUs are faster than the normal ones. So, it's beneficial to use them.

According to RedLock,

  • Other major firms such as the British insurer Aviva and the Dutch SIM-maker Gemalto, also faced with the same problems.

But the incident affecting Tesla's cloud system was much more sophisticated.
The hackers in this case used different strategies to hide their identity.

Luckily there was no impact on customer data protection or the safety and security of its vehicles.

Gaurav Kumar, CTO of RedLock said in an interview that,

"In our analysis, cloud service providers such as Amazon, Microsoft and Google are trying to do their part, and none of the major breaches in 2017 was caused by their negligence."

He added:

"However, security is a shared responsibility. Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough."

According to him, this kind of hijacking could be called

"Cryptojacking"

Recent news also state that,
There are some apps from playstore, which hackers installed a background app in them.

After installing those playstore app, even if you are not using your phone, you will sometime see that your phone is becoming hot.
One of the reason for this could be that there might be background mining going on.

So guys, stay safe and secured. And always be wary.

Sort:  

The hackers accessed Tesla through a Kubernetes pod, which wasn’t password protected. They were then able to install mining pool software, using an unlisted endpoint to avoid detection. The IP was also hidden,and the CPU usage was kept low to fly under the radar, which shows a lot of custom configuration. However, they were notified by the RedLock CSI team, who reported the issue straight away. After that, the problem was quickly solved. While it shows that Tesla have got some sophisticated monitoring systems in place to quickly deal with hacks, it is also a surprising oversight that there was an accessible area that wasn’t password protected: Tesla Hacked By Miners Looking To Harness Mining Power - How Did They Do It?

Coin Marketplace

STEEM 0.19
TRX 0.15
JST 0.029
BTC 63657.90
ETH 2656.15
USDT 1.00
SBD 2.84