Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data

Security researcher Seyfullah Kiliç from SwordSec discovered over 1,300 publicly exposed TeslaMate servers, hobbyist dashboards used by Tesla owners to log detailed vehicle data such as location history, battery health, charging sessions, and speed. These servers, likely made public unintentionally and lacking password protection, allowed anyone on the internet to access sensitive Tesla vehicle information. Kiliç scanned and mapped these exposed dashboards, highlighting the significant privacy risks, including revealing owners’ movements, charging habits, and even vacation times. This issue is not new but appears to have worsened since 2022, when a similar exposure was reported. TeslaMate’s founder previously implemented a bug fix to prevent unauthorized access, but users remain responsible for securing their servers. Kiliç emphasized the importance of enabling authentication and firewall protections to prevent data leaks and urged TeslaMate users to secure their publicly accessible dashboards. The research aims to raise awareness within the Tesla owner and open-source communities about the risks of inadvertently exposing sensitive vehicle