New Frontiers Challenge Data Security
The image of a Tesla Roadster cruising around the backdrop of Planet Earth is one that will surely appear in future history books (or Kindles or Nooks or whatever students will eventually use). A historic and slightly weird visual, it was a good look for Tesla, to be part of something so unprecedented.
Not so much for this newly discovered data breach, an incident of network hijacking and cryptocurrency mining. To cut to the source…well, the source seems to be employees failing to secure a server with a password. As a result, hackers were easily able to slip inside Tesla’s Kubernetes console, within which they gained the credentials for the company’s Amazon Web Service S3 storage account. Before leaving, they also installed cryptomining software, while cloaking themselves behind several sophisticated measures. While avoiding the fine technical details, these included hiding their true IP address, as well as keeping the mining software activity on low usage, to avoid noticeable processor spikes.
According to a Tesla spokesperson, speaking to SiliconANGLE, this instance was limited to “internally used engineering test cars only.” In other words, only the company’s confidential data was impacted. Which is, naturally, not an image anyone would want to project. So far, however, their “initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
Staff vulnerability has always been a leading cause behind data breaches, and will continue to be so, but it’s just one among many, according to experts predicting future trends for this year. In a conversation with CSOOnline, Patrick Tiquet and Craig Lurey of Keeper Security indeed cite new attack vectors, such as hardware vulnerabilities the likes of which Spectre and Meltdown exploited to shocking effect. The Internet of Things presents further complications, since connected devices risk compromising so many more types of personal information than ever before: not just the standard data, but everything from your photos to your private conversations could potentially be accessed.
As far as passwords go, even their burgeoning alternatives, such as biometric tools and two-factor authentication, will probably become targets themselves, says Lurey.
Hackers show no signs of deterring their efforts. Indeed, the Keeper Security pair believes things will be ramped up on multiple fronts. Organizations of all stripes will have to keep up.
It is interesting, though, that putting a Tesla in orbit was ultimately a more attainable goal than securing our data.