{"id":83323,"date":"2025-08-27T14:33:20","date_gmt":"2025-08-27T18:33:20","guid":{"rendered":"http:\/\/autosector.com\/?p=83323"},"modified":"2025-08-27T14:33:20","modified_gmt":"2025-08-27T18:33:20","slug":"teslamate-unsecured-dashboard-tesla-location","status":"publish","type":"post","link":"http:\/\/autosector.com\/?p=83323","title":{"rendered":"Thousands Of Tesla EVs Can Be Located In Real Time, Security Researcher Finds"},"content":{"rendered":"<ul>\n<li>A security researcher discovered over 1,300 publicly accessible TeslaMate dashboards.<\/li>\n<li>The unsecured dashboards can disclose the location of Tesla vehicles.<\/li>\n<li>Without even a simple username and password protection layer, the researcher could alter the app\u2019s settings remotely.<\/li>\n<\/ul>\n<p>Over 1,300 publicly accessible TeslaMate dashboards were discovered by Seyfullah Kili\u00e7, founder of cybersecurity company SwordSec, by scanning the internet with simple tools to expose instances that were not secured, either with a password or behind a firewall or a virtual private network (VPN).<\/p>\n<p>TeslaMate is an open-source data logger and visualizer for Tesla electric vehicles, which allows owners to run a server and keep tabs on charging sessions, temperatures, battery health, driving speed, location history and much more. 
It\u2019s great for enthusiasts because it\u2019s free, but there\u2019s a potential for information leaks if the server is hosted on the internet without any protection.<\/p>\n<section contenteditable=\"false\" draggable=\"true\" data-widget=\"special_image\" data-align=\"center\" data-source=\"{&quot;source_id&quot;:&quot;3358&quot;,&quot;title&quot;:&quot;SwordSec&quot;}\" readability=\"2\">\n<div class=\"spi_wrapper\"><a class=\"lightzoom\" href=\"https:\/\/cdn.motor1.com\/images\/custom\/teslamate-north-america.jpg\"> <img loading=\"lazy\" decoding=\"async\" class=\"custom-image\" draggable=\"false\" src=\"https:\/\/cdn.motor1.com\/images\/custom\/thumbnail\/teslamate-north-america.jpg\" alt=\"A map of Tesla vehicles linked to unsecured TeslaMate dashboards in North America.\" width=\"2310\" height=\"1299\" loading=\"lazy\"\/> <\/a><\/div>\n<p>A map of Tesla vehicles linked to unsecured TeslaMate dashboards in North America.<\/p>\n<p>Photo by: SwordSec<\/p>\n<\/section>\n<p>As reported by <a href=\"https:\/\/techcrunch.com\/2025\/08\/26\/security-researcher-maps-hundreds-of-teslamate-servers-spilling-tesla-vehicle-data\/\" target=\"_blank\" rel=\"noopener noreferrer\"><em>TechCrunch<\/em><\/a>, Kili\u00e7 wrote in <a href=\"https:\/\/s3yfullah.medium.com\/how-exposed-teslamate-instances-leak-sensitive-tesla-data-80bedd123166\" target=\"_blank\" rel=\"noopener noreferrer\">a blog post<\/a> that he was able to access everything on the discovered TeslaMate instances, including the location of the vehicles, which allowed him to build a <a href=\"https:\/\/teslamap.io\/?i=1\" target=\"_blank\" rel=\"noopener noreferrer\">map<\/a> of cars that are running potentially compromised TeslaMate installations. 
And because the servers were not protected in any way, he could also change settings for data collection, just like the owner would.<\/p>\n<p>\u201cFor everyday Tesla owners deploying TeslaMate, this is dangerous,\u201d the researcher wrote. \u201cYou\u2019re unintentionally sharing your car\u2019s movements, charging habits, and even vacation times with the entire world.\u201d<\/p>\n<p>So, what can be done to limit this sort of leak? The TeslaMate server must be secured, according to Seyfullah Kili\u00e7, either by enabling basic username and password authentication, limiting access to trusted IP addresses, or binding the service to the local host and exposing it only through a VPN.<\/p>\n<p>\u201cIf you\u2019re a Tesla owner using TeslaMate, do yourself a favor: secure it today,\u201d Kili\u00e7 said. \u201cIf you\u2019re a developer building similar projects, take note: authentication and access control aren\u2019t optional\u2013they\u2019re essential.\u201d<\/p>\n<p>The researcher told <em>TechCrunch<\/em> that he made his findings public to raise awareness of the number of exposed servers, adding that while this is not a new problem, the number of exposed TeslaMate dashboards has increased significantly since 2022. Back then, another security researcher found dozens of publicly available TeslaMate dashboards. Now, that number has shot up to over a thousand.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A security researcher discovered over 1,300 publicly accessible TeslaMate dashboards. The unsecured dashboards can disclose the location of Tesla vehicles. Without even a simple username and password protection layer, the researcher could alter the app\u2019s settings remotely. 
Over 1,300 publicly accessible TeslaMate dashboards were discovered by Seyfullah Kili\u00e7, founder of cybersecurity company SwordSec, by scanning [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":83324,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[4],"tags":[],"class_list":["post-83323","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-e-cars"],"_links":{"self":[{"href":"http:\/\/autosector.com\/index.php?rest_route=\/wp\/v2\/posts\/83323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/autosector.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/autosector.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/autosector.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/autosector.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=83323"}],"version-history":[{"count":0,"href":"http:\/\/autosector.com\/index.php?rest_route=\/wp\/v2\/posts\/83323\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/autosector.com\/index.php?rest_route=\/wp\/v2\/media\/83324"}],"wp:attachment":[{"href":"http:\/\/autosector.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=83323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/autosector.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=83323"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/autosector.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=83323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}