Data Security

Tesla vehicle data inadvertently leaked by misconfigured TeslaMate servers

A Tesla car sits parked at a Tesla Supercharger on September 23, 2020 in Petaluma, Calif. Today’s columnist, Sascha Fahrbach of Fudo Security, says when it comes to insider threats, companies can’t depend on what happened at Tesla where an insider opted not take a $1 million bribe and ultimately worked with the FBI. Fahrbach lays out a five-point p...

Tesla vehicles are having their granular location histories and other sensitive information leaked by more than 1,300 internet-exposed TeslaMate dashboards created to allow self-hosting and visualization of various vehicle data, according to TechCrunch.

Aside from showing vehicles' last-seen locations, such a misconfiguration has also revealed Tesla model names while visualizing their positions on a map, reported SwordSec founder Seyfullah Kilic. "You're unintentionally sharing your car's movements, charging habits, and even vacation times with the entire world," said Kilic, who noted the research's goal to reveal the potential for extensive data exposure without the implementation of firewall rules or basic authentication measures. All TeslaMate users have been urged to promptly activate authentication to prevent the risk of further compromise. Such a study comes three years after TeslaMate founder Adrian Kumpf noted that inadvertent server exposures could not be averted by the platform.

You can skip this ad in 5 seconds