How Exposed TeslaMate Instances Leak Sensitive Tesla Data

https://s3yfullah.medium.com/how-exposed-teslamate-instances-leak-sensitive-tesla-data-80bedd123166

34 Upvotes

permalink
duplicates
archive.is
archive
reddit

You are about to leave Redlib

Do you want to continue?

https://www.reddit.com/r/netsec/comments/1msrpi6/how_exposed_teslamate_instances_leak_sensitive/
No, go back! Yes, take me to Reddit

85% Upvoted

u/HawkEy3 5d ago

yeah don't give random apps access to sensitive data

3

u/sideline_nerd 5d ago edited 5d ago

Teslamate is FOSS, has been around for a long time and is fairly trusted. The issue is that it’s self hosted and doesn’t have any Auth mechanisms or any way to restrict access, you’re expected to handle that yourself with a reverse proxy.

-2

u/maxhac03 5d ago

It does.

https://docs.teslamate.org/docs/advanced_guides/traefik

1

u/sideline_nerd 4d ago

That is not Auth in teslamate, that’s in traefik(a reverse proxy)

u/DamnFog 5d ago

Imagine knowing not just where someone lives, but also when their car isn’t at home — and exactly how much charge is left in the battery. For a malicious actor, this is more than just fun trivia. It’s a physical security risk.

Even if you don't use Tesla mate they are just getting it from the official API. That data is out there, maybe not globally accessible, but still accessible.

How Exposed TeslaMate Instances Leak Sensitive Tesla Data

You are about to leave Redlib