Don’t Put It on the Internet: Tesla Backup Gateway Edition

Derek Abdine, formerly Director of Rapid7 Labs, now CTO at Censys, contributed this blog post.


This blog post aims to increase user awareness of the privacy and security risks of connecting devices to the internet. In this edition, we address Tesla Backup Gateways and identify some key areas where Tesla could improve security and privacy to help customers protect themselves. The security risks associated with these devices have been explored previously by other researchers, as detailed below, and we hope to help boost awareness of their findings and provide some additional insight into the degree of exposure.


Recent studies of the internet from Project Sonar indicated 97 active home/commercial solar/battery installations (“power plants”) connected to the internet, with plenty of information that can be collected from them without prior authentication. The risk here is not just a violation of privacy; there is also the potential for a malicious actor to cause some action to be taken. Given that we’re talking about powerful batteries, that action could cause significant harm.


Since January 2020, we have tracked 379 total unique Tesla Backup Gateway installations. Of these, a subset are commercial-grade Tesla Powerpacks (very large battery arrays). While these numbers may seem low, the potential for malicious activity leading to serious harm could be great, and is thus worth highlighting and mitigating as soon as possible.


Background


In February 2020, I decided to take a leap into Tesla. I'm a fan of the mission of both Tesla and SpaceX, but I won’t turn this into an endorsement for Tesla itself. Suffice to say, I bought into the idea of powerwalls and solar panels. Especially with an infan ..