A security researcher from Turkey with the alias @Sword_Sec took a closer look at the open-source app TeslaMate (the app has nothing to do with Tesla itself, but is used by Tesla fans for logging). According to Kılıç's investigation, the sensitive data of hundreds of Tesla vehicles becomes accessible to unauthorized persons when incorrectly configured TeslaMate servers are connected to the internet.
I'll keep it short: A reader brought the following tweet to my attention. Roughly speaking, Seyfullah Kılıç, who works in the field of cybersecurity, has uncovered significant security risks in the open-source application TeslaMate used by Tesla owners.
The information can be found in the article "Türk güvenlik araştırmacısı, Tesla sahiplerinin kullandığı uygulamadaki açığı buldu". Blog readers with Turkish roots will be able to read and understand the original. Roughly translated, it says that Seyfullah Kılıç, who works in the field of cybersecurity, has uncovered significant security risks in the open-source application TeslaMate used by Tesla owners.
TeslaMate is an open-source data logger that allows Tesla owners to host their vehicle data, such as temperature, battery status, and charging processes, as well as more sensitive information such as vehicle speed and location data from recent trips, on their own computers and visualize it there.
According to Kılıç's investigation, sensitive data such as location information, speeds, software versions, charging histories, and logbooks from hundreds of Tesla vehicles become accessible to unauthorized parties when misconfigured TeslaMate servers are openly accessible on the internet.
Kılıç published the technical details of his investigation in an article and at the same time created a website under the domain name teslamap.io, where the discovered Tesla locations are visualized.
TechCrunch picked up on this in its article "Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data". Seyfullah Kılıç commented on the issue as follows: "Our goal is not to exploit these vulnerabilities, but to raise awareness and ensure that people using open source software such as TeslaMate take security precautions. These risks can be avoided by simply verifying identities or configuring a firewall."