A cybersecurity researcher has identified more than 1,300 publicly accessible TeslaMate dashboards, which allow Tesla owners to log and visualize data from their vehicles, potentially exposing sensitive information including vehicle locations and trip histories, as reported by TechCrunch.
Seyfullah Kiliç, founder of cybersecurity company SwordSec, said the exposed dashboards were likely made public by mistake, allowing anyone to access detailed data without a password.
TeslaMate is an open-source data logger that enables users to track aspects such as battery health, charging sessions, and vehicle temperature, along with more sensitive information like speed and location.
Kiliç scanned the internet for public-facing TeslaMate dashboards and visualized vehicle locations on a map, highlighting the potential privacy risks for vehicle owners. He said the goal was to raise awareness of the exposed servers and urge users to secure their dashboards.
The issue is not new. A 2022 report noted dozens of TeslaMate dashboards exposed online, and the platform’s founder, Adrian Kumpf, had implemented a bug fix to reduce public access. However, Kumpf warned that the system could not prevent users from accidentally exposing their servers.
Kiliç recommended TeslaMate users enable authentication and firewall protections to prevent unintended access. “If you plan to run TeslaMate on a public-facing server, you must secure it,” he said.
