90154
Automotive Giants Hit  by Massive Data Breach
Automotive Giants Hit  by Massive Data Breach

Automotive Giants Hit by Massive Data Breach

Automotive Giants Hit by Massive Data Breach

Security researcher UpGuard Cyber Risk disclosed Friday that sensitive documents from more than 100 manufacturing companies, including GM, Fiat Chrysler, Ford, Tesla, Toyota and VW were exposed on a publicly accessible server belonging to Level One Robotics.
The exposure via Level One Robotics, which provides industrial automation services, came through rsync, a common file transfer protocol that is used to back up large data sets, according to UpGuard Cyber Risk, news website Tech Crunch reported.
The breach exposed 157 gigabytes of data—a treasure trove of 10 years of assembly line schematics, factory floor plans and layouts, robotic configurations and documentation, ID badge request forms, VPN access request forms. The breach even included sensitive non-disclosed agreements, including one from Tesla.
According to the security researchers, restrictions were not placed on the rsync server. This means that any rsync client that connected to the rsync port had access to download this data. UpGuard Cyber Risk published its account of how it discovered the data breach to show how a company within a supply chain can affect large companies with seemingly tight security protocols.
This means if someone knew where to look they could access trade secrets closely protected by automakers. It is unclear if any nefarious actors actually got their hands on the data. At least one source at an affected automaker told TechCrunch it does not appear that sensitive or proprietary data was exposed.
UpGuard’s big takeaway in all of this: rsync instances should be restricted by IP address. The researchers also suggest that user access to rsync be set up so that clients have to authenticate before receiving the dataset. Without these measures, rsync is publicly accessible, the researchers said.
The security team discovered the breach on July 1. The company successfully reached Level One by July 9 and the exposure was closed by the following day.

Short URL : https://goo.gl/ubPXir
  1. https://goo.gl/wk7AhR
  • https://goo.gl/fVWkYi
  • https://goo.gl/cFo613
  • https://goo.gl/8cG9fL
  • https://goo.gl/Lz5LxS

You can also read ...

BMW’s Tech-Stuffed Concept SUV Heralds Fancy, Electric Future
Changing notions of what customers want from cars have pushed...
Tesla Hits New Speed Bump
Tesla Inc’s Chief Executive Officer Elon Musk on Sunday...
Oil & Gas Sector Most Conducive for Business
The research arm of Iran’s Parliament has conducted a first-of...
3 CBI Officials  to Leave
Following the recent passage of the law banning the employment...
CBA Concerned About Forex Outflow to Iran
The Central Bank of Afghanistan raised concerns about the...
Anzali Port to Be Connected to National Railroad
Anzali Port in the northern Gilan Province will be connected,...
Mineral Trade Surplus Hits $2.9b
Iran exported more than 25.47 million tons of mineral products...
Departure Tax Revenues  Up 117 Percent
The government earned 3 trillion rials ($24 million) from...

Add new comment

Read our comment policy before posting your viewpoints

Trending

Googleplus