
How Exposed TeslaMate Instances Leak Sensitive Tesla Data

4 min read | Aug 17, 2025

Introduction

TeslaMate Dashboard

As more Tesla owners look for ways to visualize and log their driving data, TeslaMate has become a popular choice. It’s an open-source self-hosted data logger that connects to Tesla’s API and collects rich details: charging sessions, location history, temperatures, battery health, driving speed, and much more.

For enthusiasts, this is gold. But for attackers, it can be gold too — if deployed incorrectly. In this post, I’ll share how I discovered that hundreds of TeslaMate installations are exposed to the internet without authentication, leaking sensitive vehicle data in real time.

What is TeslaMate?

TeslaMate is an open-source data logger and visualizer for Tesla vehicles.

  • It runs as a service, continuously querying Tesla’s official API.
  • It stores data in a PostgreSQL database and visualizes it via Grafana dashboards.
  • By default, it exposes:
      • A web interface on port 4000 (TeslaMate core app)
      • A Grafana dashboard on port 3000

While this is excellent for home setups, many users deploy TeslaMate to cloud servers and — often unknowingly — leave it open to the entire internet.

The Experiment: Searching for Exposed Instances

I built a small proof-of-concept scanner to identify publicly accessible TeslaMate deployments. The methodology was simple but effective:

Internet-wide Scanning with Masscan
I used masscan to sweep the entire IPv4 space for open port 4000:

masscan -p4000 0.0.0.0/0 --exclude 255.255.255.255 --rate 500000 -oX output.txt

One wrinkle: -oX writes XML, while the httpx -l flag used in the next step expects one host per line, so either switch to -oL for list output or extract the addresses from the XML before feeding it on. Running this across multiple 10Gbps servers in a cluster enabled extremely fast, large-scale discovery.

Filtering for TeslaMate
Once I had all hosts with port 4000 open, I ran httpx to probe them and look for TeslaMate’s fingerprint, the string “TeslaMate” in its default page title:

httpx -l output.txt -title -silent -threads 1000 -rl 500 -retries 0 -timeout 2 -p 4000 -ms TeslaMate -o httpx-teslamate.txt

This narrowed the list to confirmed TeslaMate installations.

Web Crawling for Data Collection
I wrote a lightweight crawler to fetch data exposed by these servers. What I found was eye-opening:

  • Exact GPS coordinates of parked or recently driven Teslas
  • Tesla model names and custom nicknames
  • Software versions and update history
  • Timestamps of trips and charging sessions

In some cases, I could even plot Teslas’ daily routines on a map, identifying home addresses, commute patterns, and frequently visited places.
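The three steps above (masscan sweep, httpx fingerprint, crawl) can be modelled offline. The script below is an added example, not the author’s scanner: it turns both masscan output formats into a host list, applies the same title check that httpx -title -ms TeslaMate performs, and classifies a probe as an open TeslaMate UI, a basic-auth-protected one, or something else. All scan output and HTTP bodies in it are constructed, and the addresses are documentation ranges.

```sh
#!/bin/sh
# Added example, not the author's scanner: an offline model of the discovery
# pipeline above (masscan output -> host list -> title fingerprint) plus a check
# that tells an open TeslaMate UI apart from one answering behind basic auth.
# Every sample below is constructed; the addresses are documentation ranges.

# Hosts from masscan list output (-oL): "open tcp PORT IP TIMESTAMP" per line.
masscan_hosts_from_list() {
  awk -v port="$2" '$1 == "open" && $3 == port { print $4 }' "$1"
}

# Hosts from masscan XML output (-oX), which is what the article's command writes.
# httpx -l wants one host per line, so the addresses must be extracted first.
masscan_hosts_from_xml() {
  sed -n 's/.*<address addr="\([0-9.]*\)".*/\1/p' "$1"
}

# Fingerprint: does the HTML <title> contain "TeslaMate"? This mirrors the
# article's httpx -title -ms TeslaMate filter, applied to a body we already hold.
is_teslamate() {
  printf '%s' "$1" | tr 'A-Z' 'a-z' | grep -o '<title>[^<]*</title>' | grep -q teslamate
}

# Classify one probe from its status code, raw headers and body:
#   open      -> TeslaMate UI served with no authentication at all
#   protected -> a 401 with a WWW-Authenticate challenge (a proxy is doing its job)
#   other     -> not TeslaMate, or not reachable as an open instance
classify_response() {
  status="$1"; headers="$2"; body="$3"
  if [ "$status" = "401" ] && printf '%s\n' "$headers" | grep -qi '^www-authenticate:'; then
    echo protected
  elif [ "$status" = "200" ] && is_teslamate "$body"; then
    echo open
  else
    echo other
  fi
}

# ---- constructed sample data, standing in for real scan output ----
LIST_FILE=$(mktemp); XML_FILE=$(mktemp)
cat > "$LIST_FILE" <<'EOF'
#masscan
open tcp 4000 203.0.113.10 1755388800
open tcp 4000 203.0.113.11 1755388801
open tcp 8080 203.0.113.12 1755388802
# end
EOF
cat > "$XML_FILE" <<'EOF'
<?xml version="1.0"?>
<nmaprun scanner="masscan">
<host endtime="1755388800"><address addr="203.0.113.10" addrtype="ipv4"/><ports><port protocol="tcp" portid="4000"><state state="open" reason="syn-ack" reason_ttl="54"/></port></ports></host>
<host endtime="1755388801"><address addr="198.51.100.7" addrtype="ipv4"/><ports><port protocol="tcp" portid="4000"><state state="open" reason="syn-ack" reason_ttl="54"/></port></ports></host>
</nmaprun>
EOF

echo "hosts with 4000 open (-oL):"; masscan_hosts_from_list "$LIST_FILE" 4000
echo "hosts with 4000 open (-oX):"; masscan_hosts_from_xml "$XML_FILE"
rm -f "$LIST_FILE" "$XML_FILE"

OPEN_BODY='<html><head><title>TeslaMate</title></head><body></body></html>'
NGINX_BODY='<html><head><title>Welcome to nginx!</title></head></html>'
classify_response 200 'Content-Type: text/html' "$OPEN_BODY"
classify_response 401 'WWW-Authenticate: Basic realm="Restricted"' ''
classify_response 200 'Content-Type: text/html' "$NGINX_BODY"
```

The same classify_response check, pointed at your own hostname, is a quick way to confirm a reverse-proxy fix actually took: a correctly protected instance answers 401 with a WWW-Authenticate header, never 200 with the TeslaMate title.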

Bonus: Finding TeslaMate via Domains
Beyond IPs, TeslaMate apps can also be found by analyzing CommonCrawl archives. Many users run TeslaMate behind domains, making them equally discoverable.

Visualizing the Risk

By combining GPS coordinates with open-source JavaScript mapping libraries, I generated maps showing the real-world distribution of hundreds of exposed Teslas.

https://teslamap.io

teslamap.io | Map created from exposed TeslaMate instances

Imagine knowing not just where someone lives, but also when their car isn’t at home — and exactly how much charge is left in the battery. For a malicious actor, this is more than just fun trivia. It’s a physical security risk.

Why This Matters

TeslaMate ‘Settings’ page

The root issue is simple: the TeslaMate web interface has no built-in authentication, and access control is left entirely to whatever you put in front of it.

  • If you expose port 4000 to the internet, anyone can view your Tesla data.
  • The Settings page has no access control either, so an attacker can change the configuration, not just read it.
  • Grafana (port 3000) is often left with its default credentials, another common oversight.

For everyday Tesla owners deploying TeslaMate, this is dangerous. You’re unintentionally sharing your car’s movements, charging habits, and even vacation times with the entire world.

Responsible Setup: How to Stay Safe

If you plan to run TeslaMate on a public-facing server, you must secure it:

Enable Basic Authentication
Even a simple username/password layer is enough to stop casual scanning attacks. Terminate TLS on the proxy as well: basic auth only base64-encodes the password, so over plain HTTP it is readable on the wire.
Example with Nginx reverse proxy:

location / {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
    proxy_pass http://127.0.0.1:4000;
    # TeslaMate's UI is Phoenix LiveView over WebSockets; forward the upgrade
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
}

Create the credential file with htpasswd -B -c /etc/nginx/.htpasswd <user> (from apache2-utils), and give Grafana on port 3000 the same treatment or at least a strong admin password.

Firewall It
Limit access to trusted IPs only, or bind the service to localhost and expose it only through a VPN or the authenticated proxy above. With Docker that means publishing the port as 127.0.0.1:4000:4000 rather than 4000:4000: Docker inserts its own iptables rules for published ports, so a host firewall such as ufw will not block them on its own.
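To make the loopback-binding advice concrete, here is an added example (not TeslaMate’s own tooling) that audits a docker-compose file for ports published on every interface, rewrites them to 127.0.0.1, and builds an htpasswd entry for the nginx layer. The compose snippet is constructed; its service and image names are assumptions.

```sh
#!/bin/sh
# Added example for this article, not TeslaMate's own tooling: audit a
# docker-compose file for ports published on every interface, rewrite them to
# loopback, and build an htpasswd entry for the nginx basic-auth layer. The
# compose snippet is constructed; service and image names are assumptions.

# Print each "host:container" port mapping that is not pinned to 127.0.0.1.
# Docker publishes such ports through its own iptables rules, so a host firewall
# such as ufw does not cover them; binding to loopback is the reliable fix.
exposed_ports() {
  grep -E '^[[:space:]]*-[[:space:]]*"?[0-9A-Za-z.]*:?[0-9]+:[0-9]+"?[[:space:]]*$' "$1" \
    | sed 's/^[[:space:]]*-[[:space:]]*"\{0,1\}//; s/"\{0,1\}[[:space:]]*$//' \
    | grep -v -E '^(127\.0\.0\.1|localhost):' || true
}

# Rewrite bare "HOST:CONTAINER" mappings to "127.0.0.1:HOST:CONTAINER" so only the
# nginx proxy on the same machine can reach TeslaMate and Grafana.
pin_to_loopback() {
  sed -E 's/^([[:space:]]*-[[:space:]]*"?)([0-9]+:[0-9]+"?[[:space:]]*)$/\1127.0.0.1:\2/' "$1"
}

# One user:hash line for /etc/nginx/.htpasswd, using OpenSSL's apr1 format that
# nginx auth_basic accepts. Prefer "htpasswd -B" (bcrypt) where apache2-utils exists.
htpasswd_line() {
  printf '%s:%s\n' "$1" "$(openssl passwd -apr1 "$2")"
}

# ---- constructed compose file: TeslaMate wide open, Grafana already pinned ----
COMPOSE=$(mktemp)
cat > "$COMPOSE" <<'EOF'
services:
  teslamate:
    image: teslamate/teslamate:latest
    ports:
      - 4000:4000
  grafana:
    image: teslamate/grafana:latest
    ports:
      - "127.0.0.1:3000:3000"
EOF

echo "published on all interfaces:"; exposed_ports "$COMPOSE"
echo "corrected file:"; pin_to_loopback "$COMPOSE"
rm -f "$COMPOSE"

# With everything on loopback, the host firewall only needs the proxy's port:
#   ufw default deny incoming && ufw allow 443/tcp
# or, to restrict it further to a trusted source:
#   ufw allow from 203.0.113.0/24 to any port 443 proto tcp
```

Run exposed_ports against your real docker-compose.yml before and after the change; an empty result means nothing is published beyond loopback, and the only way in is through the authenticated proxy.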

Final Thoughts

TeslaMate is a fantastic project that adds huge value for Tesla enthusiasts. But like many open-source tools, it was built for personal use — not internet-scale exposure.

Unfortunately, many users skip basic security practices, leaving a goldmine of sensitive data open to the world.

If you’re a Tesla owner using TeslaMate, do yourself a favor: secure it today.
If you’re a developer building similar projects, take note: authentication and access control aren’t optional — they’re essential.

Ethical Note: This research was conducted for educational purposes only. No data was misused, and all findings were responsibly disclosed to raise awareness.

swordsec.com | Reduce your Attack Surface


Written by Seyfullah KILIÇ

Web Application Security and #OSINT Specialist || Listed on Google Security Hall of Fame Page | CEO at swordsec.com
