Posts

Tesla, VW data was left exposed by supply chain vendor Level One Robotics

Tesla, VW, and dozens of other manufacturers had their sensitive information exposed due to a weak security link in their supply chains. The exposure occurred at industrial automation provider Level One Robotics via an inadequately secured rsync file transfer protocol server, according to researchers at UpGuard Cyber Risk. The researchers found the server wasn't restricted meaning clients connected to it could access the data and with the right knowledge of where trade secrets were stored could pilfer them. In addition, "the permissions set on the rsync server at the time of the discovery indicated that the server was publicly writable, meaning that someone could potentially have altered the documents there, for example replacing bank account numbers in direct deposit instructions or embedding malware," a situation, UpGuard researchers wrote in a blog post, that poses a "significant risk." Researchers couldn't determine whether miscreants had accesse
Post a Comment
Read more

Data Exposure Hints at Risks to Automakers

Cybersecurity company UpGuard reported that it had discovered data from GM, Ford, Fiat Chrysler, Toyota, Volkswagen, Tesla and other companies accessible on the open Internet. Much of the information was confidential, including non-disclosure agreements that described the sensitivity of certain kinds of data. UpGuard’s research didn’t determine whether any of the data had been improperly downloaded. Level One Robotics and Controls, a small supplier of manufacturing technology based in Canada, inadvertently exposed the 157GB of data on a network-attached storage device by configuring a server in an insecure way, said Chris Vickery, UpGuard’s director of cyber risk research. Anyone using a certain file transfer protocol could have seen or even modified the data, he wrote in a blog post. In a statement e-mailed to The Connected Car, Level One said it has taken the storage device offline. “I can confirm that on July 9th, we were made aware of a claim from UpGuard about an incident
Post a Comment
Read more