iTnews

Insecure server left carmakers' trade secrets wide open

By Juha Saarinen on Jul 23, 2018 4:45AM
Insecure server left carmakers' trade secrets wide open

Exposes 157GB from Tesla, Toyota, GM and others.

A misconfigured data transfer server left sensitive data from big name car makers and their employees wide open to the internet, a security vendor has revealed.

Canada's Level One Robotics, which provides automation services for global companies such as VW, Chrysler, Ford, Toyota, Tesla and ThyssenKrupp, is at the centre of the incident.

The company uses the open source rsync data transfer and synchronisation utility to mirror information across internet-connected servers.

However, researchers at Upguard discovered and made public that Level One's Robotics rsync setup did not limit which clients could access it.

This meant anyone who could connect to the rsync server at Level One Robotics and download the data it stored.

All in all, some 157GB of sensitive information was left exposed by Level One Robotics.

This included customer data such as factory plans, assembly line schematics, robot configurations, identity badge requests and virtual private networking access forms, along with non-disclosure agreements.

Ford Thailand, Toyota Canada, GM, KUKA, Pratt & Whitney, Tesla, and VW Group of America are some of the big name manufacturers whose data was left exposed.

Upguard also found sensitive Level One Robotics data for employees, including scans of passports, driver's licenses and other identification.

Level One Robotics' corporate data was also included in the rsync collection with invoices, price lists, insurance polices and other enterprise business documents stored on the server.

Not only did Level One Robotics not limit access to the rsync server, but it was also configured to allow anyone write to it as well.

This left files stored on the rsync server open to manipulation and alteration.

Upguard said bank account numbers for direct deposits could have been changed in business documents, or malware planted in the files on the server.

The insecure server was discovered by Upguard on July 1, and Level One Robotics closed off access to it on July 10.

Neither Upguard nor Level One Robotics have said how long the rsync server was left exposed, or if there was any unauthorised access to it.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
gm level one robotics security tesla toyota

Partner Content

Do you know where your data sleeps at night?
Promoted Content Do you know where your data sleeps at night?
Why cloud data protection is about more than just backup
Promoted Content Why cloud data protection is about more than just backup
Five ways Russian cybercrime tactics have changed
Promoted Content Five ways Russian cybercrime tactics have changed
Business email: the ultimate playground for cybercriminals
Promoted Content Business email: the ultimate playground for cybercriminals

Sponsored Whitepapers

Understanding the next security control points: applications and workloads
Understanding the next security control points: applications and workloads
Best security practices after rapid Digital Transformation
Best security practices after rapid Digital Transformation
The CISO View 2021 Survey: Zero Trust and Privileged Access
The CISO View 2021 Survey: Zero Trust and Privileged Access
How and why to backup your Office 365 tenant
How and why to backup your Office 365 tenant
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)
By Juha Saarinen
Jul 23 2018
4:45AM
0 Comments

Related Articles

  • Toyota Australia rebuilt IT from incomplete info after cyber attack
  • South Australian gov issues breach notice to hacked payroll provider
  • Microsoft observes destructive malware in Ukraine govt agency systems
  • Ukraine suspects group linked to Belarus intelligence over cyber attack
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Infosys gets another $71m for Centrelink calculation engine work

Infosys gets another $71m for Centrelink calculation engine work
Signal encrypted messaging app founder calls it quits

Signal encrypted messaging app founder calls it quits
NBN Co asks ACCC to closely police any functional separation of TPG Telecom

NBN Co asks ACCC to closely police any functional separation of TPG Telecom
Victoria Police's digital chief departs

Victoria Police's digital chief departs

Digital Nation

Highlights 2021: Automation drives marketing success but complexity torments delivery
Highlights 2021: Automation drives marketing success but complexity torments delivery
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Keeping CPA's board up to date about cybersecurity risks
Case Study: Keeping CPA's board up to date about cybersecurity risks
Catastrophic governance failures are rooted in organisational culture
Catastrophic governance failures are rooted in organisational culture
Fringe innovation unlocks power of diverse thinking
Fringe innovation unlocks power of diverse thinking
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.