Tesla Motors Site Was Hacked Via AT&T Scam, Social Engineering, DNS Hack

Over the weekend, Tesla Motors’ official website, its Twitter accounts for the U.S. and Europe, and the Twitter account of Tesla CEO Elon Musk, were the victims of a malicious hacking attempt in which its web traffic and email were sent to a spoof website.

At the time, we surmised that Tesla Motors [NASDAQ:TSLA] had been the victim of a DNS redirect — where hackers had managed to access the records which tell other computers the 12-digit IP address of the Tesla servers — redirecting traffic destined to Tesla’s servers to the hacker’s chosen computer.

The hack to Tesla's website was indeed caused by a third-party security flaw.

Today, Tesla has confirmed that’s exactly what happened. But the security flaw didn’t originate from Tesla: it originated from cellphone provider AT&T.

According to Tesla, someone called AT&T’s customer service pretending to be an employee of the Californian automaker. After convincing customer support that they were a legitimate Tesla employee, the hacker then asked AT&T to forward all of the calls to a Tesla cellphone to a new telephone number.

We’re guessing, although it isn’t stated, that cellphone was used by Tesla as the main administrative contact used by two-factor authentication services. With the mobile calls forwarded to a new number, the hackers would also be able to receive two-factor authentication calls and text messages designed to protect against hackers resetting passwords to any Tesla-associated accounts.

Tesla's Twitter stream while it was hacked.

With calls forwarded, the hackers then accessed the administrative account of Tesla’s webhosts, resetting the password and gaining access to Tesla’s email accounts as well as rerouting any traffic to their chosen spoof site in the process.

From there, with access to emails and the backup phone number, accessing Tesla’s various Twitter streams — and that of Tesla CEO Elon Musk — was an easy jump.

Tesla’s Chief of Communications, Ricardo Reyes, provided us with the following official statement moments ago.

This case is under investigation, here’s what we know: Posing as a Tesla employee, somebody called AT&T customer support and had them forward calls to an illegitimate phone number. The impostor then contacted the domain registrar company that hosts teslamotors.com, Network Solutions. Using the forwarded number, the imposter added a bogus email address to the Tesla domain admin account. The impostor then reset the password of the domain admin account, routed most of the website traffic to a spoof website and temporarily gained access to Tesla’s and Elon’s Twitter accounts.

Some customers may have noticed temporary changes to www.teslamotors.com on their browsers or experienced difficulty when using our mobile app to access Model S. Both were due to teslamotors.com being re-routed. 

Our corporate network, cars and customer database remained secure throughout the incident. We have restored everything back to normal. We are working with AT&T, Network Solutions, and federal authorities to further investigate and take all necessary actions to make sure this never happens again.   

Fairly shortly after the attack, Tesla was able to regain control of the wayward Twitter accounts as well as undo any of the spoof emails and access protocols used by the hackers to cause such havoc.

As always, when we have more on this story we’ll bring it to you, but for now it reminds us of one very simple thing.

A piece of armor is only as strong as its weakest link. Even if — as in this case — you’re not the one who made the weak link.
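
The statement above describes web traffic and email being rerouted once the domain admin account at the registrar had been taken over. As an added example (not from the article, Tesla or Network Solutions), the Python below compares observed DNS answers against a pinned baseline to flag that kind of change. The zone, addresses and record values are constructed, and `drift` and `norm_host` are hypothetical names; in practice the snapshots would come from periodic resolver queries.

```python
from ipaddress import ip_address, ip_network

# Constructed baseline for a hypothetical zone (example.com, documentation IP ranges).
BASELINE = {
    "A":  ["198.51.100.0/24"],                          # networks the web hosts live in
    "MX": ["mail.example.com"],                         # expected mail exchangers
    "NS": ["ns1.example-dns.net", "ns2.example-dns.net"],
}
# NS drift means the delegation itself moved; MX drift exposes password-reset mail.
SEVERITY = {"NS": "critical", "MX": "high", "A": "high"}

def norm_host(value):
    """Lower-case, drop the trailing dot and any MX preference ('10 mail.example.com.')."""
    return value.split()[-1].rstrip(".").lower()

def drift(baseline, observed):
    """Return sorted (severity, rtype, value) for every record that departs from the baseline."""
    findings = []
    nets = [ip_network(n) for n in baseline["A"]]
    for addr in observed.get("A", []):
        if not any(ip_address(addr) in net for net in nets):
            findings.append((SEVERITY["A"], "A", addr))
    for rtype in ("MX", "NS"):
        expected = {norm_host(h) for h in baseline[rtype]}
        seen = {norm_host(h) for h in observed.get(rtype, [])}
        for host in sorted(seen - expected):
            findings.append((SEVERITY[rtype], rtype, host))
        # An expected record that disappeared is also drift worth alerting on.
        for host in sorted(expected - seen):
            findings.append((SEVERITY[rtype], rtype, "missing:" + host))
    return sorted(findings)

# Constructed snapshots: normal answers, then answers after records were repointed.
NORMAL = {"A": ["198.51.100.10"], "MX": ["10 MAIL.example.com."],
          "NS": ["ns1.example-dns.net.", "ns2.example-dns.net."]}
HIJACKED = {"A": ["203.0.113.66"], "MX": ["5 mx.attacker.example."],
            "NS": ["ns1.example-dns.net.", "ns2.example-dns.net."]}

if __name__ == "__main__":
    for name, snap in (("normal", NORMAL), ("hijacked", HIJACKED)):
        print(name, drift(BASELINE, snap) or "no drift")
```
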


  • Michael Thwaite

    Wow, so, I’m updating my two-factor authentication recommendations! Perhaps using an app like Authy or Google Authenticator would be better than SMS messages.

    • vdiv

      The more complex the authentication mechanism the more vulnerabilities it will have. Why trust Google more than AT&T?

      • Michael Thwaite

        “Why trust Google more than AT&T?” – easy – AT&T has a customer service department that can be corrupted – have you ever tried to call Google? 🙂

  • BEP

    That’s not how two-factor authentication works! It is designed to add security, in that you have to provide both elements: for example, a password and a number received by SMS. It’s impossible to “hack” something if you only have one of the two factors. You can’t reset (and get) the password by having access to the cell phone only. I think your guess is wrong.

    In response to vdiv: the more complex the authentication mechanism, the more secure it will be, actually. It’s like having multiple doors at your home. One may be cracked open, but the others are still closed.

  • evjuice

    “…or experienced difficulty when using our mobile app to access Model S. Both were due to teslamotors.com being re-routed.”

    What if hackers could honk the horns of 70,000 cars at once?