Imagine pulling up your car’s data, only to find someone else could easily peek at your every move. That’s the unsettling reality for many Tesla owners right now. A cybersecurity expert just found over 1,300 servers used by Tesla owners are wide open on the internet. These servers hold deeply personal information, like where cars have been and how they charge. It’s a real wake-up call for privacy.
Seyfullah Kiliç, who runs the cybersecurity firm SwordSec, uncovered this huge privacy issue. He found these servers without any locks or login steps. Anyone could see where a Tesla drove, how fast it went, the car’s inside temperature, its battery level, and when it charged. This means your private trips and even vacation spots might be visible to strangers.
When Self-Hosting Creates Risk
The exposed data comes from a tool called TeslaMate. This is open-source software that lets Tesla owners host their vehicle data themselves. They can then see it in custom dashboards. It sounds useful for tracking your car, but a simple mistake in setting it up can open a digital window into your private life.
Kiliç shared examples on his blog. He showed maps detailing the last known location of vehicles and their specific models. He warned that people are “unwillingly sharing car movements, charging habits, and even vacation periods with the entire world.” His main goal was to make users and the open-source community aware of these risks. He wants everyone to understand the importance of securing these servers with proper login steps and firewalls.
A Problem That Keeps Growing
This isn’t a brand-new issue. Back in 2022, another researcher found dozens of exposed TeslaMate servers. However, Kiliç’s work shows the problem has gotten much worse. The number of exposed servers has jumped to over a thousand in just three years. This shows that many users still aren’t getting the message about security.
Adrian Kumpf, who created TeslaMate, did release a fix earlier. This fix was supposed to stop unwanted access. But he also warned that the software can’t stop users from setting up their own servers poorly. It’s like leaving your front door unlocked after installing a new security system. The system works, but you still need to use it right.
Keep Your Tesla’s Data Safe
Kiliç has a very clear message for anyone using TeslaMate on a public server. He says you must turn on mandatory authentication. This stops just anyone from getting to your data. “If you plan to run TeslaMate on a public server, you must protect it,” he emphasized. It’s a vital reminder that even with the best tools, our digital security often rests in our own hands.