Hundreds of TeslaMate Servers Expose Real-Time Vehicle Data

A security researcher has discovered that hundreds of self-hosted TeslaMate servers are exposing sensitive Tesla vehicle data to the public internet without any authentication, revealing real-time location tracking, charging patterns, and driving habits of unsuspecting owners.

TeslaMate is a popular open-source data logger that connects to Tesla’s official API to collect detailed vehicle telemetry including GPS coordinates, battery health, charging sessions, trip histories, and cabin temperatures.

The application runs on port 4000 and typically includes a Grafana dashboard on port 3000 for data visualization.

Widespread Exposure Discovered

Using internet-wide scanning tools, the researcher identified nearly 900 publicly accessible TeslaMate installations across multiple continents.

The methodology involved scanning the entire IPv4 address space for open port 4000, then filtering results to identify TeslaMate’s distinctive web interface fingerprint.

The exposed servers revealed alarming details about Tesla owners’ daily routines.

The researcher could access exact GPS coordinates of parked vehicles, track ...