or firewall rules, sensitive data (GPS, charging, trips) can be leaked,” said Kiliç.
While not a new problem, Kiliç shows that the number of exposed TeslaMate dashboards has gone up significantly since the last count back in 2022, when a security researcher at the time found dozens of public TeslaMate dashboards exposed to the web.
Now, more than three years later, another security researcher has found more than a thousand self-hosted TeslaMate servers on the web and mapped them, showing that the problem has seemingly gotten worse.
TeslaMate’s founder, Adrian Kumpf, told TechCrunch in 2022 that a bug fix was rolled out that aimed to protect against public access to customers’ dashboards, but warned that the project could not protect against users accidentally exposing their TeslaMate servers to the internet.
Kiliç said TeslaMate users should enable authentication on their servers to prevent public access.
“If you plan to run TeslaMate on a public-facing server, you must secure it,” wrote Kiliç.
