Tesla Backup Gateway Is Too Exposed, Security Researchers Say

The Tesla Backup Gateway, the technology that controls the connection to the power grid, has some security issues and lacks hardening measures, according to a report from Rapid7.

A wide variety of exciting technologies populate the IoT ecosystem, and many of them are just working in the background with no real presence in consumers’ day-to-day life. But just because they are not visible doesn’t mean they aren’t important. If anything, some of these technologies control critical infrastructure and need more security than most.

A recent Rapid7 report showed that the Tesla Backup Gateway, a vital piece of technology that controls the connection to the power grid of individual Tesla Powerwall and solar energy users, is a lot more exposed to the Internet than it should be.

The Tesla Backup Gateway has three networking schemes but uses the Wi-Fi connection as a primary, with an AT&T mobile connection as backup. There’s also an Ethernet option. It turns out that the Tesla device exposes a web server with a self-signed certificate running on the standard HTTPS port 443. Lots of information can be gathered just from the interaction with the webserver, such as the power used, the grid’s power draw, the battery percentage, and even its name.

One of the more sensitive problems relates to the weak default credentials used by the platform and the lack of multi-factor authentication for the account.

“For ‘first-time login,’ which seems to be after the gateway has been rebooted (new install, or after a firmware update), a user can log in using any email address, and the last five characters of the gateway serial number,” says the Rapid7 report. “It’s unlikely that most users have logged in the first time, since logging in also stops powerwall/battery operation.”

While possible combinations number in the tens of millions, it can the whittled down. Making things worse, some counties in the United States publish household Tesla Solar and Powerwall install permits to the Internet, which also contain the gateway serial numbers.

The report also highlights a number of other online visibility issues that, in theory, allow third parties to gather relevant data, such as gateway and power wall distribution across the world. Tesla also responded to these security issues and fixed some of them, including the weak credentials, at least for the last generation of products.