A security researcher identified a vulnerability in TeslaLogger, third-party software used to collect data from Tesla vehicles, stemming from insecure default settings that could be exploited to gain unauthorized access to TeslaLogger instances.
He reported the issue to the TeslaLogger maintainer, who took steps to mitigate the risk. It is important to note that this vulnerability does not reside within Tesla vehicles or Tesla’s infrastructure.
The vulnerabilities were identified in TeslaLogger, an open-source data logger for Tesla cars, while the researcher was searching for interesting automotive projects.
After installing it on his laptop using Docker, the researcher used nmap to identify the running services: the MariaDB database (port 3306), the Grafana visualization tool (port 3000), and an admin panel (port 8888).
Intrigued by MariaDB and Grafana, he used DBeaver to connect to the database with the default credentials found in the project repository and, hoping to extract the Tesla car API key, executed a SQL query to retrieve all data from the ‘cars’ table.
A broader risk affects Tesla integrations that use the Tesla API: compromised Tesla tokens, including access tokens and refresh tokens, grant attackers full remote control over a car.
While Tesla’s API employs Role-Based Access Control (RBAC), Tesla logger applications often request excessive permissions, allowing attackers to exploit the API key to manipulate the car’s state (e.g., adding drivers, unlocking doors, controlling climate).
This issue persists even if the database is not exposed, as alternative methods for obtaining API keys exist. Certain Tesla logger implementations on Raspberry Pi devices further exacerbate the problem by negligently exposing the API key.
Harish SG discovered a vulnerable Grafana dashboard with default credentials, allowing access to Tesla API tokens. TeslaLogger, a third-party software used for Tesla data logging, was vulnerable due to storing credentials in plain text and insecure default configurations.
By exploiting these weaknesses, he identified over 30 TeslaLogger instances susceptible to remote attack, potentially granting control of Tesla vehicles, and responsibly reported the findings to the TeslaLogger developer after locating their contact information.
The researcher disclosed a vulnerability in TeslaLogger, a third-party software for Tesla cars, that could have allowed attackers to steal Tesla API credentials if they compromised the TeslaLogger database.
He worked with the TeslaLogger maintainer to fix the issue, which involved encrypting the API credentials in the database and adding authentication to the admin panel. He did not report the issue directly to Tesla because of an unhelpful response he had received from Tesla in the past regarding a similar issue in another third-party software.
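As an added illustration of the mitigation described above (encrypting the stored API credentials so that a dump of the ‘cars’ table alone no longer yields usable tokens), here is a small Go sketch. It is example code, not TeslaLogger’s own implementation; the AES-256-GCM construction, the key being loaded from outside the database, and binding each ciphertext to its car row ID are this example’s assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// TokenVault seals Tesla access/refresh tokens with AES-256-GCM before they are
// written to the logger's database. The key is held outside the database (for
// example a file readable only by the logger process), so default database
// credentials or a table dump do not expose a working token.
type TokenVault struct{ aead cipher.AEAD }

func NewTokenVault(key []byte) (*TokenVault, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &TokenVault{aead: aead}, nil
}

// Seal returns base64(nonce || ciphertext || tag). The car row ID is bound as
// associated data, so a ciphertext copied into another row fails to open.
func (v *TokenVault) Seal(carID int, token string) (string, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	ad := []byte(fmt.Sprintf("car:%d", carID))
	return base64.StdEncoding.EncodeToString(v.aead.Seal(nonce, nonce, []byte(token), ad)), nil
}

// Open reverses Seal; a wrong key or a mismatched car row yields an error, not garbage.
func (v *TokenVault) Open(carID int, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	n := v.aead.NonceSize()
	if len(raw) < n {
		return "", errors.New("stored value too short")
	}
	ad := []byte(fmt.Sprintf("car:%d", carID))
	pt, err := v.aead.Open(nil, raw[:n], raw[n:], ad)
	if err != nil {
		return "", errors.New("token failed authentication (wrong key or row)")
	}
	return string(pt), nil
}

func main() {
	key := make([]byte, 32)
	io.ReadFull(rand.Reader, key) // constructed demo key; load from outside the DB in practice
	v, _ := NewTokenVault(key)
	sealed, _ := v.Seal(1, "constructed-sample-refresh-token")
	fmt.Println("stored in DB:", sealed)
	tok, _ := v.Open(1, sealed)
	fmt.Println("recovered:", tok)
}
```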