Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Mercedes-Benz. Show all posts

Mercedes-Benz Accidentally Reveals Secret Code

 



Mercedes-Benz faces the spotlight as a critical breach comes to light. RedHunt Labs, a cybersecurity firm, discovered a serious vulnerability in Mercedes's digital security, allowing unauthorised entry to confidential internal data. Shubham Mittal, Chief Technology Officer at RedHunt Labs, found an employee's access token exposed on a public GitHub repository during a routine scan in January. This access token, initially meant for secure entry, inadvertently served as the gateway to Mercedes's GitHub Enterprise Server, posing a risk to sensitive source code repositories. The incident reiterates the importance of robust cybersecurity measures and highlights potential risks associated with digital access points.

Mittal found an employee's authentication token, an alternative to passwords, exposed in a public GitHub repository. This token provided unrestricted access to Mercedes's GitHub Enterprise Server, allowing the unauthorised download of private source code repositories. These repositories contained a wealth of intellectual property, including connection strings, cloud access keys, blueprints, design documents, single sign-on passwords, API keys, and other crucial internal details.

The exposed repositories were found to include Microsoft Azure and Amazon Web Services (AWS) keys, a Postgres database, and actual Mercedes source code. Although it remains unclear whether customer data was compromised, the severity of the breach cannot be underestimated.

Upon notification from RedHunt Labs, Mercedes responded by revoking the API token and removing the public repository. Katja Liesenfeld, a Mercedes spokesperson, acknowledged the error, stating, "The security of our organisation, products, and services is one of our top priorities." Liesenfeld assured that the company would thoroughly analyse the incident and take appropriate remedial measures.

The incident, which occurred in late September 2023, raises concerns about the potential exposure of the key to third parties. Mercedes has not confirmed if others discovered the exposed key or if the company possesses the technical means to track any unauthorised access to its data repositories.

This incident comes on the heels of a similar security concern with Hyundai's India subsidiary, where a bug exposed customers' personal information. The information included names, mailing addresses, email addresses, and phone numbers of Hyundai Motor India customers who had their vehicles serviced at Hyundai-owned stations across India.

These security lapses highlight the importance of robust cybersecurity measures in an era where digital threats are increasingly sophisticated. Companies must prioritise the safeguarding of sensitive data to protect both their intellectual property and customer information.

As the situation unfolds, Mercedes will undoubtedly face scrutiny over its security protocols, emphasising the need for transparency and diligence in handling such sensitive matters. Consumers are reminded to remain vigilant about the cybersecurity practices of the companies they entrust with their data.


Recovered Stolen Mercedes Offers Glimpse into Hijackers' Tactics

 

A recently recovered Mercedes-Benz, which had been stolen and then found equipped with counterfeit license plates and a forged license disc, has shed light on the operational tactics of hijacking syndicates and their ability to exploit technological advancements to evade capture.

Specialist investigator Mike Bolhuis, drawing on his extensive experience in investigating serious, violent, and cyber crimes, shared insights regarding the strategies employed by hijackers to conceal their identities and mask stolen vehicles.

Marshall Security, on Tuesday, announced the retrieval of a stolen Mercedes-Benz C200 along Sinembe Crescent near uMhlanga Rocks Drive, situated in the Somerset Park region. This vehicle was reportedly taken from Reservoir Hills the previous week.

Following the recovery, Marshall Security disclosed that the abandoned vehicle was equipped with fraudulent plates and a counterfeit license disc. The South African Police Service (SAPS) had been actively searching for the vehicle.

However, as Bolhuis emphasizes, false license discs and plates merely scratch the surface of the broader issue associated with hijacking. Criminals exploit technological advancements, while law enforcement faces challenges in combating these crimes.

Bolhuis characterizes the methods employed by criminals to mask their identities and switch between aliases as a form of cybercrime. He explains that criminals employ fabricated identities and counterfeit information for vehicles, often with assistance from corrupt individuals within various sectors.

These criminal activities are grounded in cybercrime, a global concern. Criminals exploit this digital realm to fabricate false documents routinely, rendering their capture challenging. Bolhuis asserts that law enforcement's struggle against digital crimes is compounded by their limited capacity, enabling criminals to exploit this weakness.

He asserts that the primary means of apprehending these criminals involves witnesses, forensic information, or digital tracking. Bolhuis highlights the necessity of gathering forensic evidence, citing the potential of trace elements such as saliva or hair follicles, as well as using indicators like dirt on wheels to deduce the stolen vehicle's movements.

Upon stealing a vehicle, criminals adapt their approach based on their objectives. They may fulfill orders for high-end vehicles or employ the stolen cars in the commission of other crimes. Vehicles are sometimes used to ram cash-transit vehicles or for ATM bombings before being left at the scene. Bolhuis particularly underscores the importance of forensic data in narrowing down suspects.

The latest statistics from the South African Police Service (SAPS) reveal that between April and June 2023, 9,081 motor vehicles and motorcycles were reported as stolen. Carjackings accounted for a significant portion, with 2,591 sedans, coupes, and hatchbacks stolen, along with 1,582 bakkies.

The Western Cape and Gauteng regions of South Africa experienced the highest incidence of carjackings, reflecting the pervasive nature of this criminal phenomenon.