A security researcher has found more than a thousand public exposed hobbies run by Tesla vehicle owners who leak sensitive data on their vehicles, including their granular historical sites.
Seyfullah Kiliç, founder of Cybersecurity Company Swordsec, said he found over 1,300 on -site Teslamate Passengers on the Internet online, likely to be publicized by accident, allowing anyone to access the Tesla data of the person stored in without the need for a password.
Teslamate is an open source data recorder that allows Tesla owners to self-icon and Image their vehicle data Of their own computers, such as their vehicle temperature, battery health and charging sessions, as well as more sensitive information, such as vehicle speed and recent travel data data.
In a blog postKiliç said the internet was scanned for the Teslamate Dashboards watching the public and awakened the last position of the vehicle and the Tesla model names and depicted the vehicles on a map to show their locations.
“You are unintentionally sharing your car’s movements, billing habits and even holiday times with the whole world,” Kiliç wrote.
Kiliç told TechCrunch that it was to raise awareness of the number of exposed servers and urged Teslamate users to secure their dashboards.
“The goal was to show Tesla owners and the open source community that without basically [authentication] or Wall Rules, Sensitive Data (GPS, Charge, Travel) can leak, “Kiliç said.
Although not a new problem, Kiliç shows that the number of exposed Teslamate plates has increased significantly since the last measurement in 2022, when a security researcher then found dozens of public Teslamate plates exposed to the web.
Now, more than three years later, another security researcher has found more than a thousand self-self-esteem Teslamate servers on the internet and mapped them, showing that the problem has apparently worsened.
Teslamate’s founder Adrian Kumpf told TechCrunch in 2022 that a bug repair was launched that it was aimed at protecting the public’s access to customer control panels, but warned that the project could not protect users to expose their TesLate internet.
Kiliç said Teslamate users should allow authentication to their servers to prevent public access.
“If you are planning to run Teslamate on a server that sees the public, you must secure it,” Kiliç wrote.
