Rapid7: There are vulnerabilities in the Tesla Backup Gateway

Rapid7 researchers have described in detail some vulnerabilities in the Tesla Backup Gateway and how they can be exploited.

On Tuesday, Rapid7 described the security risks associated with connecting the Tesla Backup Gateway to the Internet, in particular the ways in which open connections can be used to violate the privacy and security of users.

Tesla Backup Gateway

The Tesla Backup Gateway is the automaker's platform for managing solar energy and battery / Powerwall installations. The system can be connected directly to the network, monitor downtime and enable users to monitor and control power supplies via a connected mobile app. Connections can be made via Wi-Fi, Ethernet cable or mobile.

To access the gateway, users connect to the software's Wi-Fi network, enter its serial number, which acts as a password, and access the Tesla Backup Gateway from a web browser. Each portal uses a self-signed SSL certificate.

The first time a user logs in, an email address and a password are used; the password is the last five digits of the gateway password.

According to Rapid7 and previous research by Vince Loschiavo, the danger of this practice is that the weak credentials can be exploited.

At worst, five digits for first-time connections lead to 60.4 million password combinations, and the team says there do not seem to be any restrictions to stop brute-force attempts.

The access point SSID uses the last three characters of the serial number, so there are only two left for hackers to guess.

Rapid7 also notes that many Tesla Solar and Powerwall home installation licenses are published online, giving attackers pointers to potential targets.

When the gateway connects to a local network, its hostname is transmitted using the full serial number. Some Tesla Backup Gateway installations were also found to be available and accessible on the Internet.

Rapid7 contacted Tesla prior to the publication of the investigation, and the company said that upcoming security updates would include fixes to the issues reported.



Teo Ehc