{"id":39156,"date":"2025-09-06T00:08:52","date_gmt":"2025-09-05T22:08:52","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=39156"},"modified":"2025-09-04T21:21:59","modified_gmt":"2025-09-04T19:21:59","slug":"vulnerability-in-tesla-open-source-app-teslamate-may-expose-user-data","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2025\/09\/06\/vulnerability-in-tesla-open-source-app-teslamate-may-expose-user-data\/","title":{"rendered":"Vulnerability in Tesla Open source app TeslaMate may expose user data"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2025\/09\/03\/sicherheitsluecke-bei-tesla-open-source-appteslamate-kann-benutzerdaten-offen-legen\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]A security researcher from Turkey with the alias @Sword_Sec took a closer look at the open-source app TeslaMate (the app has nothing to do with Tesla itself, but is used by Tesla fans for logging). According to K\u0131l\u0131\u00e7's investigation, the sensitive data of hundreds of Tesla vehicles becomes accessible to unauthorized persons when incorrectly configured TeslaMate servers are connected to the internet.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg04.met.vgwort.de\/na\/fe9b73b50bb44223ad938e7dd3cb5bfd\" alt=\"\" width=\"1\" height=\"1\" \/>I'll keep it short: A reader brought the following <a href=\"https:\/\/x.com\/gooksel\/status\/1963179111037149395\" target=\"_blank\" rel=\"noopener\">tweet<\/a> to my attention. Roughly speaking, Seyfullah K\u0131l\u0131\u00e7, who works in the field of cybersecurity, has uncovered significant security risks in the open-source application TeslaMate used by Tesla owners.<\/p>\n<p><a href=\"https:\/\/x.com\/gooksel\/status\/1963179111037149395\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i.postimg.cc\/vBM5p9rg\/image.png\" alt=\"Sicherheitsl\u00fccke bei Tesla deckt Benutzerdaten auf\" width=\"622\" height=\"749\" \/><\/a><\/p>\n<p>The information can be found in the article <a href=\"https:\/\/www.aa.com.tr\/tr\/bilim-teknoloji\/turk-guvenlik-arastirmacisi-tesla-sahiplerinin-kullandigi-uygulamadaki-acigi-buldu\/3677093\" target=\"_blank\" rel=\"noopener\">T\u00fcrk g\u00fcvenlik ara\u015ft\u0131rmac\u0131s\u0131, Tesla sahiplerinin kulland\u0131\u011f\u0131 uygulamadaki a\u00e7\u0131\u011f\u0131 buldu<\/a>. Blog readers with Turkish roots will be able to read and understand the original. Roughly translated, it says that Seyfullah K\u0131l\u0131\u00e7, who works in the field of cybersecurity, has uncovered significant security risks in the open-source application TeslaMate used by Tesla owners.<\/p>\n<p><a href=\"https:\/\/docs.teslamate.org\/\" target=\"_blank\" rel=\"noopener\">TeslaMate<\/a> is an open-source data logger that allows Tesla owners to host their vehicle data, such as temperature, battery status, and charging processes, as well as more sensitive information such as vehicle speed and location data from recent trips, on their own computers and visualize it there.<\/p>\n<p>According to K\u0131l\u0131\u00e7's investigation, sensitive data such as location information, speeds, software versions, charging histories, and logbooks from hundreds of Tesla vehicles become accessible to unauthorized parties when misconfigured TeslaMate servers are openly accessible on the internet.<\/p>\n<p>K\u0131l\u0131\u00e7 published the technical details of his investigation in an article and at the same time created a website under the domain name <a href=\"https:\/\/teslamap.io\/\" target=\"_blank\" rel=\"noopener\">teslamap.io<\/a>, where the discovered Tesla locations are visualized.<\/p>\n<p>TechCrunch picked up on this in its article <a href=\"https:\/\/techcrunch.com\/2025\/08\/26\/security-researcher-maps-hundreds-of-teslamate-servers-spilling-tesla-vehicle-data\" target=\"_blank\" rel=\"noopener\">Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data<\/a>. Seyfullah K\u0131l\u0131\u00e7 commented on the issue as follows: \"Our goal is not to exploit these vulnerabilities, but to raise awareness and ensure that people using open source software such as TeslaMate take security precautions. These risks can be avoided by simply verifying identities or configuring a firewall.\"<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]A security researcher from Turkey with the alias @Sword_Sec took a closer look at the open-source app TeslaMate (the app has nothing to do with Tesla itself, but is used by Tesla fans for logging). According to K\u0131l\u0131\u00e7's investigation, the &hellip; <a href=\"https:\/\/borncity.com\/win\/2025\/09\/06\/vulnerability-in-tesla-open-source-app-teslamate-may-expose-user-data\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,1544],"class_list":["post-39156","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/39156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=39156"}],"version-history":[{"count":2,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/39156\/revisions"}],"predecessor-version":[{"id":39158,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/39156\/revisions\/39158"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=39156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=39156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=39156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}