Turkish researcher Seyfullah Kılıç discovered a serious security vulnerability affecting the TeslaMate app, used by Tesla owners. The app’s data became publicly accessible because of improper installation. This data, reachable without any password, exposes users’ information such as their address and daily routine.
Vulnerability Revealed in TeslaMate Platform
TeslaMate is an unofficial app that provides detailed statistics and reports, such as speed, consumption, range, and average energy consumption, that are not available on Tesla’s official mobile app. Users access this data by installing the app on their own computers or cloud servers. However, incorrect configurations during this installation can expose the data to the internet.
Seyfullah Kılıç, founder of the cybersecurity company SwordSec, discovered more than 1,300 publicly accessible TeslaMate servers online during his scans. Sensitive information such as vehicle routines, home and work addresses, and other information can be viewed by anyone.
Kılıç emphasized that this situation poses a serious risk to users’ physical security, warning that many Tesla owners unknowingly share their home and work addresses, and even their vacation time, with the world.
TeslaMate users should take precautions to keep their data secure. They should add authentication to the web interface and the Grafana dashboards, set a username and password, and change the default passwords.
They should block direct internet access to the server, allowing access only from the local network or via VPN. They should restrict port access by ensuring ports 4000 and 3000 are not publicly reachable, allowing connections only from specific IP addresses.
They should use the latest versions of the application and related software and apply security patches promptly. They should also regularly check server logs to identify suspicious logins.
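The three precautions above (bind the web interface and Grafana away from the public internet, remove anonymous access, replace default passwords) can be checked mechanically before a self-hosted instance goes live. The following audit script is an added example written for this article, not code from TeslaMate or the researcher. It takes a docker-compose configuration as the Python dict that `yaml.safe_load()` would return, so it runs offline without PyYAML. The `GF_*` names are real Grafana environment variables and `DATABASE_PASS` is a real TeslaMate variable; the port roles (4000 for the TeslaMate web UI, 3000 for Grafana), the weak-password list and the two sample compose dicts are assumptions constructed for the demonstration.

```python
"""Audit a TeslaMate docker-compose configuration for the exposures the
article describes: sensitive ports published on every interface, anonymous
Grafana access, and default passwords.

Hypothetical helper, not part of TeslaMate. Input is the dict that
yaml.safe_load() produces for a compose file; everything below runs offline.
"""
from typing import Dict, List, Optional

# Ports named in the article (roles assumed): 4000 = TeslaMate web UI, 3000 = Grafana.
SENSITIVE_PORTS = {4000: "TeslaMate web UI", 3000: "Grafana"}
# Constructed list of values this audit treats as default or weak.
WEAK_PASSWORDS = {"", "admin", "secret", "password", "teslamate"}
LOOPBACK = {"127.0.0.1", "::1", "[::1]", "localhost"}


def parse_port_binding(entry) -> Dict[str, Optional[object]]:
    """Normalise one compose 'ports' entry.

    Short syntax: "4000:4000", "127.0.0.1:4000:4000", "3000:3000/tcp", "4000".
    Long syntax:  {"target": 3000, "published": 3000, "host_ip": "127.0.0.1"}.
    When no host IP is given Docker binds 0.0.0.0, i.e. every interface.
    """
    if isinstance(entry, dict):
        published = entry.get("published")
        return {
            "host_ip": str(entry.get("host_ip", "0.0.0.0")),
            "host_port": int(published) if published is not None else None,
            "container_port": int(entry["target"]),
        }
    spec = str(entry).split("/")[0]          # drop a trailing "/tcp" or "/udp"
    parts = spec.rsplit(":", 2)              # rsplit keeps IPv6 host addresses intact
    if len(parts) == 1:                      # "4000": random host port on all interfaces
        return {"host_ip": "0.0.0.0", "host_port": None, "container_port": int(parts[0])}
    if len(parts) == 2:                      # "4000:4000"
        return {"host_ip": "0.0.0.0", "host_port": int(parts[0]), "container_port": int(parts[1])}
    return {"host_ip": parts[0], "host_port": int(parts[1]), "container_port": int(parts[2])}


def is_loopback(host_ip: str) -> bool:
    return host_ip in LOOPBACK or host_ip.startswith("127.")


def env_as_dict(env) -> Dict[str, str]:
    """Compose 'environment' may be a mapping or a list of "KEY=VALUE" strings."""
    if isinstance(env, dict):
        return {str(k): str(v) for k, v in env.items()}
    out: Dict[str, str] = {}
    for item in env or []:
        key, _, value = str(item).partition("=")
        out[key] = value
    return out


def audit_compose(compose: dict) -> List[Dict[str, str]]:
    """Return one finding per weak setting; an empty list means nothing was flagged."""
    findings: List[Dict[str, str]] = []
    for name, service in compose.get("services", {}).items():
        env = env_as_dict(service.get("environment"))
        image = str(service.get("image", ""))
        for entry in service.get("ports") or []:
            binding = parse_port_binding(entry)
            port = binding["container_port"]
            if port in SENSITIVE_PORTS and not is_loopback(str(binding["host_ip"])):
                findings.append({"service": name, "check": "public-port",
                                 "detail": f"{SENSITIVE_PORTS[port]} (port {port}) is published on "
                                           f"{binding['host_ip']}; bind it to 127.0.0.1 and reach it "
                                           f"over VPN or an authenticating reverse proxy"})
        if "grafana" in image:
            if env.get("GF_AUTH_ANONYMOUS_ENABLED", "false").lower() == "true":
                findings.append({"service": name, "check": "anonymous-auth",
                                 "detail": "GF_AUTH_ANONYMOUS_ENABLED=true lets anyone view dashboards"})
            # Grafana falls back to admin/admin when the password variable is unset.
            if env.get("GF_SECURITY_ADMIN_PASSWORD", "") in WEAK_PASSWORDS:
                findings.append({"service": name, "check": "weak-password",
                                 "detail": "GF_SECURITY_ADMIN_PASSWORD is unset or a default value"})
        if env.get("DATABASE_PASS") in WEAK_PASSWORDS:
            findings.append({"service": name, "check": "weak-password",
                             "detail": "DATABASE_PASS is a default value"})
    return findings


# Constructed sample: the exposed layout the article warns about.
WEAK_COMPOSE = {"services": {
    "teslamate": {"image": "teslamate/teslamate:latest", "ports": ["4000:4000"],
                  "environment": ["DATABASE_USER=teslamate", "DATABASE_PASS=secret"]},
    "grafana": {"image": "teslamate/grafana:latest", "ports": ["3000:3000"],
                "environment": {"GF_AUTH_ANONYMOUS_ENABLED": "true",
                                "GF_SECURITY_ADMIN_PASSWORD": "admin"}},
}}

# Constructed sample: the same services after applying the article's precautions.
HARDENED_COMPOSE = {"services": {
    "teslamate": {"image": "teslamate/teslamate:latest", "ports": ["127.0.0.1:4000:4000"],
                  "environment": ["DATABASE_USER=teslamate", "DATABASE_PASS=Qv8!constructed-strong-pass"]},
    "grafana": {"image": "teslamate/grafana:latest",
                "ports": [{"target": 3000, "published": 3000, "host_ip": "127.0.0.1"}],
                "environment": {"GF_AUTH_ANONYMOUS_ENABLED": "false",
                                "GF_SECURITY_ADMIN_USER": "tm-admin",
                                "GF_SECURITY_ADMIN_PASSWORD": "Lr3!constructed-strong-pass"}},
}}

if __name__ == "__main__":
    for label, compose in (("weak", WEAK_COMPOSE), ("hardened", HARDENED_COMPOSE)):
        print(f"[{label}] {len(audit_compose(compose))} finding(s)")
        for f in audit_compose(compose):
            print(f"  {f['service']}: {f['check']}: {f['detail']}")
```

Binding the published ports to 127.0.0.1 only removes the direct exposure; the loopback binding then has to be paired with a VPN or an authenticating reverse proxy, which the script reports but cannot verify. A compose file that passes this audit still needs the host firewall checked, since a separate rule (or a cloud security group) can re-expose a port the compose file keeps private.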