Over 1,300 TeslaMate Servers Exposed Online, Spilling Vehicle Data
By Ainvest
Tuesday, August 26, 2025, 10:43 am ET · 1 min read
A security researcher has discovered over 1,300 publicly exposed TeslaMate servers that are inadvertently sharing sensitive data about Tesla vehicles, including location histories. These servers, run by Tesla owners, were likely made public by mistake, allowing anyone to access the data without a password [1].
Seyfullah Kiliç, founder of cybersecurity company SwordSec, found these exposed servers by scanning the internet for public-facing TeslaMate dashboards. TeslaMate is an open-source data logger that Tesla owners self-host on their own computers to record and visualize their vehicle’s data, such as temperature, battery health and charging sessions, as well as more sensitive information like vehicle speed and recent trip locations [1].
Kiliç plotted the locations of these vehicles on a map to demonstrate the extent of the data leakage. He noted that without basic authentication or firewall rules, sensitive data can be easily leaked [1]. The issue is not new, but it has significantly worsened since 2022, when a security researcher found dozens of public TeslaMate dashboards exposed to the web [1].
TeslaMate's founder, Adrian Kumpf, acknowledged the problem in 2022 and released a bug fix aimed at protecting against public access to customers’ dashboards. However, he warned that the project could not protect against users accidentally exposing their TeslaMate servers to the internet [1]. Kiliç emphasized the importance of enabling authentication on servers to prevent public access [1].
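One way for an owner to check their own deployment for the accidental exposure described above, as an added example that is not from the original article or the TeslaMate project. It assumes a Docker Compose deployment and audits short-syntax `ports:` entries for services published beyond the loopback interface; the service names and port entries are constructed sample values.

```python
import ipaddress

# Constructed sample: published-port entries as they might appear under
# `ports:` in a Docker Compose file for a self-hosted dashboard stack.
# Service names and ports are assumptions for illustration only.
SAMPLE_PORTS = {
    "teslamate": ["4000:4000"],
    "grafana": ["0.0.0.0:3000:3000"],
    "database": ["127.0.0.1:5432:5432"],
    "mosquitto": ["[::1]:1883:1883"],
}


def bind_address(spec: str) -> str:
    """Return the host address a Compose short-syntax port entry binds to."""
    spec = spec.split("/")[0]          # drop a "/tcp" or "/udp" suffix
    if spec.startswith("["):           # bracketed IPv6 host address
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    # "HOST_IP:HOST_PORT:CONTAINER_PORT" carries an explicit address;
    # "HOST_PORT:CONTAINER_PORT" and "CONTAINER_PORT" bind all interfaces.
    return parts[0] if len(parts) == 3 else "0.0.0.0"


def is_loopback_only(spec: str) -> bool:
    """True when the entry is reachable only from the host itself."""
    return ipaddress.ip_address(bind_address(spec)).is_loopback


def exposed_services(ports_by_service: dict) -> dict:
    """Map each service to the port entries reachable from other hosts."""
    findings = {}
    for service, specs in ports_by_service.items():
        open_specs = [s for s in specs if not is_loopback_only(s)]
        if open_specs:
            findings[service] = open_specs
    return findings


if __name__ == "__main__":
    for service, specs in exposed_services(SAMPLE_PORTS).items():
        print(f"{service}: reachable from other hosts via {specs}")
```

A flagged entry is not necessarily internet-facing, but it relies entirely on upstream authentication or firewalling; Docker publishes ports through its own iptables rules, so a host firewall front end such as ufw may not block them.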
The security researcher’s findings highlight the growing risk of data exposure through self-hosted applications. Organizations and individuals should prioritize securing their servers and data, especially when dealing with sensitive information. European organizations are particularly at risk, especially those relying on the bobbingwide oik software, which has a recently discovered high-severity reflected Cross-Site Scripting (XSS) vulnerability [2].
References:
[1] https://techcrunch.com/2025/08/26/security-researcher-maps-hundreds-of-teslamate-servers-spilling-tesla-vehicle-data/
[2] https://radar.offseq.com/threat/cve-2025-54670-cwe-79-improper-neutralization-of-i-b951e1ca
A security researcher has found over 1,300 publicly exposed TeslaMate servers that are leaking sensitive data about Tesla vehicles, including location histories. The servers, run by Tesla owners, were likely made public by mistake, allowing anyone to access the data without a password. The researcher urges TeslaMate users to secure their dashboards by enabling authentication to prevent public access.
