BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

How Tesla's Site, App And Twitter Feeds Were Attacked Via AT&T

Following
This article is more than 8 years old.

Over the weekend, Tesla’s site and a number of its Twitter profiles were hacked, including one belonging to co-founder Elon Musk. The famous car brand has released details of what went down, which included some sneaky social engineering on behalf of the hackers, who abused AT&T customer support. The FBI appears to have been brought in too.

Whilst visitors to the site would have noticed something odd, as they were redirected to a site apparently belonging to a hacker crew called “AutismSquad”, with some offensive sexual references to the breach, some drivers would have noted the hack too, as the Tesla Model S mobile app was also affected. The hackers were seemingly just mischief-makers. The page users were redirected to contained Twitter addresses belonging to people claiming not to have taken part in the attack, and on the hacked Tesla Twitter feed were promises of free cars to anyone who called a number, again belonging to someone who claimed to know nothing of the breach.

Here’s Tesla’s full explanation, sent from a spokesperson to FORBES via email, of what happened: “This case is under investigation, here's what we know: Posing as a Tesla employee, somebody called AT&T customer support and had them forward calls to an illegitimate phone number. The impostor then contacted the domain registrar company that hosts teslamotors.com, Network Solutions.

“Using the forwarded number, the imposter added a bogus email address to the Tesla domain admin account. The impostor then reset the password of the domain admin account, routed most of the website traffic to a spoof website and temporarily gained access to Tesla's and Elon's Twitter accounts.”

Tesla’s corporate network, cars and customer database were not affected and everything has been restored to normal, according to the spokesperson. “We are working with AT&T, Network Solutions, and federal authorities to further investigate and take all necessary actions to make sure this never happens again,” the spokesperson added.

Though AT&T manages the Tesla car network, drivers should have nothing to fear and it seems Tesla recovered quickly. It has a decent track record with security, rewarding those who have responsibly disclosed vulnerabilities to the firm, whilst putting the most helpful on a Hall of Fame.

Regardless of the impact of the attack on customers, the attack on Tesla has highlighted various weaknesses in the background of websites and company’s networks. First, it’s still possible to social engineer employees at huge telecoms firms. Second, domain registrars can then be abused. And finally, two factor authentication appears to have been lacking along the chain.

If the hackers had started serving up malware from their page, instead of just abusing their power for childish pranks, they could have caused a lot more trouble for Tesla and its customers.