TeslaMate Server Data Leak: Hundreds of Servers Exposed

Tesla Vehicle Data Exposed Through Publicly Accessible Servers
A recent discovery by a security researcher reveals that sensitive data from over a thousand Tesla vehicles is being inadvertently shared due to publicly exposed hobby servers.
Seyfullah Kiliç, the founder of SwordSec, a cybersecurity firm, identified more than 1,300 TeslaMate dashboards accessible on the internet.
These dashboards were unintentionally made public, granting unauthorized access to vehicle data without requiring any login credentials.
What is TeslaMate?
TeslaMate is an open-source data logging tool. It allows Tesla owners to host and visualize data from their vehicles on their personal computers.
This data includes details like vehicle temperature, battery health, and charging activity, as well as more private information.
Specifically, the tool logs vehicle speed and precise location data from recent journeys.
How Was the Data Exposed?
Kiliç conducted an internet scan to locate publicly available TeslaMate dashboards.
He then extracted the vehicles’ most recent known locations and their respective models.
This information was visualized on a map, demonstrating the widespread nature of the exposure.
“Individuals are unknowingly broadcasting their vehicle’s movements, charging patterns, and even their travel schedules to a global audience,” Kiliç explained.
Raising Awareness and Urging Security Measures
Kiliç shared his findings with TechCrunch to highlight the scale of the problem and encourage TeslaMate users to enhance their security.
“The intention was to demonstrate to Tesla owners and the open-source community that without fundamental security measures, such as authentication or firewall configurations, sensitive data – including GPS coordinates, charging details, and trip histories – can be compromised,” Kiliç stated.
A Growing Problem
While the issue isn't new, Kiliç’s research indicates a significant increase in exposed TeslaMate dashboards since 2022, when a prior investigation revealed dozens of publicly accessible dashboards.
Now, over three years later, the number has surged to over a thousand self-hosted servers, suggesting the problem is escalating.
TeslaMate’s Response
Adrian Kumpf, the founder of TeslaMate, previously informed TechCrunch in 2022 that a patch was released to mitigate public access to user dashboards.
However, Kumpf cautioned that the project cannot prevent users from inadvertently exposing their servers to the internet.
Recommendations for TeslaMate Users
Kiliç strongly advises TeslaMate users to implement authentication on their servers to prevent unauthorized public access.
“If you intend to operate TeslaMate on a publicly accessible server, securing it is paramount,” Kiliç emphasized.