A cybersecurity researcher has uncovered a major privacy issue affecting Tesla owners who use a popular third-party tool to track their vehicles.Seyfullah Kiliç, the founder of security firm SwordSec, said he recently discovered more than 1,300 TeslaMate dashboards left openly accessible on the internet, exposing a wide range of sensitive data.
TeslaMate is an open-source platform that allows Tesla drivers to log and visualize details about their cars, such as charging sessions, speed, temperature, and battery health. But when left unprotected, the dashboards also reveal precise GPS histories and driving patterns.
Related: Tesla Hit with $200M in Damages After Autopilot Crash Trial in Florida
In a recent blog post, Kiliç explained that he scanned the web for unsecured TeslaMate installations and collected information such as Tesla model types and last-seen locations. He even plotted the findings on a map to demonstrate just how much information was being leaked.“Drivers are unknowingly broadcasting their daily routines, charging behavior, and even when they’re away on vacation,” Kiliç wrote.
Speaking to TechCrunch, Kiliç said the exercise was meant to raise awareness rather than exploit the data. “The aim was to show that without basic protections, like authentication or firewalls, sensitive vehicle data can end up exposed to the public,” he said.This isn’t the first time TeslaMate exposure has been flagged.
In 2022, another researcher identified several dozen unsecured dashboards, prompting TeslaMate creator Adrian Kumpf to release an update designed to reduce the risk of accidental exposure. But as Kumpf noted at the time, the software can’t prevent users from mistakenly making their dashboards publicly available.
Three years later, Kiliç’s findings suggest the problem has only worsened. Instead of a few dozen, more than a thousand dashboards are now visible to anyone online.Kiliç advised Tesla owners who use TeslaMate to secure their setups immediately. “If you’re running TeslaMate on a server that’s accessible from the internet, authentication is a must,” he said.
