Tesla Cloud Servers Hacked By Cryptojackers

[Lucian Armasu]

The RedLock cloud security team uncovered a cryptojacking attack on some of Tesla's cloud systems, which exposed access to telemetry data and allowed the attackers to break in easily without requiring a password.

Tesla Cloud Servers Hacked By Cryptojackers : Read more

 

[x3style]

Title is misleading by omission. Tesla got hacked and parched it quickly, other similar services from other manufacturers are less secure. Tesla takes security more serious than others.

Not to be accused of fanboyism but title portrays the company as bad for being hacked, then article actually explains hack was on isolated test systems and that the company is actually leading the market in security.

 

[apesoccer]

If the author potentially gets paid based on hits/popularity, then you throw out there whatever brings people in. Don't blame the player, blame the game. ...or something like that...

 

[alextheblue]

Title is misleading by omission. Tesla got hacked and parched it quickly, other similar services from other manufacturers are less secure. Tesla takes security more serious than others.

Not to be accused of fanboyism but title portrays the company as bad for being hacked, then article actually explains hack was on isolated test systems and that the company is actually leading the market in security.

I guess you'd have to take security more seriously when you've got unnecessary attack vectors... like a web browser. However it seems the web browser is so terrible it doesn't get much serious use. You'd be better off taping an iPad to the dashboard. Honestly I don't know why anyone puts Musk on such a pedestal. He built much of his empire on the backs of taxpayers. Go look up how much federal and state funds Tesla has soaked up over the years (directly and indirectly).

 

[Christopher1]

Title is misleading by omission. Tesla got hacked and parched it quickly, other similar services from other manufacturers are less secure. Tesla takes security more serious than others.

Not to be accused of fanboyism but title portrays the company as bad for being hacked, then article actually explains hack was on isolated test systems and that the company is actually leading the market in security.

With all due respect if they 'took security seriously' their systems would have been password-protected from the start!
This leans towards "They do not take basic security very seriously so start investigations into what other holes they might have left open!"

 

[Ninjawithagun]

deleted

 

[Ninjawithagun]

If the author potentially gets paid based on hits/popularity, then you throw out there whatever brings people in. Don't blame the player, blame the game. ...or something like that...

Incorrect. You apparently have no clue how cybersecurity works or it's intended goals. Cybersecurity is EVERYONE'S responsibility. The fact that such a high tech, high profile company like Tesla failed to use even the most basic measures (passwords) is a huge failure. It shows a high level of incompetence on Tesla. What other compromised systems exist within the Tesla corporation? Russia has probably already stolen all of the super secret plans for building their own Falcon Heavy rocket launch system. No surprise really. People are so busy drooling over Musk that they forget he anything but perfect. This just proves that point even more so.

 

[apesoccer]

If the author potentially gets paid based on hits/popularity, then you throw out there whatever brings people in. Don't blame the player, blame the game. ...or something like that...

Incorrect. You apparently have no clue how cybersecurity works or it's intended goals. Cybersecurity is EVERYONE'S responsibility. The fact that such a high tech, high profile company like Tesla failed to use even the most basic measures (passwords) is a huge failure. It shows a high level of incompetence on Tesla. What other compromised systems exist within the Tesla corporation? Russia has probably already stolen all of the super secret plans for building their own Falcon Heavy rocket launch system. No surprise really. People are so busy drooling over Musk that they forget he anything but perfect. This just proves that point even more so.

I think you either didn't read my message, which wasn't anything to do with the hack, it was a comment on the name of the article, or you just quoted the wrong response maybe. In so far as cybersecurity is concerned... I have some* idea of how it works, what is involved in keeping a company, relatively, safe/secure with best practices, and how to impose, again relative, safe practices for my IT crew and users. I won't try to claim i have an excellent, or really, even a very good handle on imposing all portions of security... But i have some idea of the concerns cybersecurity professionals generally have.

In so far as Tesla and their security measures, i'd imagine, like most things, there is a scale and prioritization of different IT projects with limited set of man hours to spend on a given project where you sometimes turn on a system, set the basic functions, set yourself a list of things to take care of, and again based on that prioritization, take care of it accordingly. So what i suggest is that perhaps, that test system, just wasn't done yet...as test systems are often in a state of...change; and often a weak point in security because of that potential low-prioritization and lack of important data pertaining in it. Or...maybe they just got lazy. /Shrug.

 

[Ninjawithagun]

Tesla is a premiere corporation and as such Cybersecurity should be their number one concern. The fact that any of this happened and the specifics of how it happened are horrifying. As a consumer, I would not buy stock in this company - and is really too late to do so anyways. What is not in the article is the fact that corporate secrets were stolen. The only question we have to ask is what was the extent of the theft...

 

[apesoccer]

If you think you shouldn't buy stock in a company because they have been "hacked"...heh, well, i guess you won't be buying any stock. Also...what percentage of companies that have been hacked do you think actually know about it? I'd guess less then 10% and i'd lean towards less then 1% that you hear about. You don't get to be considered a decent tight rope walker by falling.

As many people have said before in one way or another, its not a matter of whether something can be hacked, as how long it takes.

Number one concern shouldn't be security for a company intending to make money (well...outside of security companies anyway)...Number one should remain as how do i increase my worth or expand etc... If you are spending too much money or time* on security (or too little), you aren't going to make any money (or if too little, you'll end up paying for it...)... So as i said, it'll still be prioritized and test setups are (or maybe should) still going to be lower priority then more important systems or data. And again, doesn't excuse a door left open, but might explain some of it.

 

[Ninjawithagun]

If you think you shouldn't buy stock in a company because they have been "hacked"...heh, well, i guess you won't be buying any stock. Also...what percentage of companies that have been hacked do you think actually know about it? I'd guess less then 10% and i'd lean towards less then 1% that you hear about. You don't get to be considered a decent tight rope walker by falling.

As many people have said before in one way or another, its not a matter of whether something can be hacked, as how long it takes.

Number one concern shouldn't be security for a company intending to make money (well...outside of security companies anyway)...Number one should remain as how do i increase my worth or expand etc... If you are spending too much money or time* on security (or too little), you aren't going to make any money (or if too little, you'll end up paying for it...)... So as i said, it'll still be prioritized and test setups are (or maybe should) still going to be lower priority then more important systems or data. And again, doesn't excuse a door left open, but might explain some of it.

Consideration of whether or not to buy stock in a company based upon them practicing bad cybersecurity is one of many factors to consider prior to investing. Regardless, the point is that they are guilty of very bad business practices and the consumer should be aware of this fact. You are only substantiating common sense and not stating anything of specific new relevance.

 

[apesoccer]

I've not been convinced they are guilty of "very bad business practices" or that they practice bad cybersecurity. What i'm convinced of is that several companies have been hacked in the same way. Which begs the question...why or maybe how...But even if the 'why' doesn't really matter, the hackers would have to have done something to access both the network (vpn) that amazon cloud services use, and gotten a hold of the user id which is default to that service for that company. Which, honestly, both should be hard to defeat...The vpn to the cloud services we use, the passwords are partially randomized every 1 min. It's a pain in the ass sometimes to get in and easy enough to get locked out. This might have sounded like a simple hack, but i really doubt it was...And honestly, no company that doesn't care about its security would Ever put out a bounty program...That's asking for white hacks and to get paid for it.

<edit...sorry this updated without me having intentionally updated the thread...laptop touchpad issue...weee>