Supplier leaks data of Tesla, Fiat, VW

Back to Press Archive

If you want to attack a major organization, you do not use the main entrance. You want to use the delivery gate. This old piece of wisdom has become a painful reality for Fiat, Tesla, General Motors, Volkswagen, ThyssenKrupp and others.

At the end of last week, news broke about roughly 160 GB worth of data from several car makers and other industrial corporations being stored on a publicly accessible system. Among the data were things like internal forms, factory floor layouts, invoices as well as configuration data. The system the data was stored on belongs to Level One Robotics and was apparently used for backups. However, instead of storing the data in a manner which provides isolation from the data of other customers, a security research firm states that the data was stored in a way that allowed access to data that people should not be privy to. All that was required was a valid login for the system as well as a bit of basic knowledge.

Through the delivery gate

What makes this strategy particulartly risky is the fact that the data also contained trade secrets which are closely guarded by their originating companies. Even confidential documents such as a non-disclosure agreement from Tesla Motors were found. In a world in which many companies are relucatant to even talk about their customers, those revelations have an even bigger significance. Even if you just had the information from the directory listing of the affected system, you would have a piece of information that would be critical. IF an attacker knows that a company works with a particular supplier, they could mount a successful attack based on this. Social Engineering is only one of the possible deployable tactics.

Staying vigilant

Events such as this one should also serve as a reminder for organizations not only to take their own security serious, but also to take a close look at the security of organizations they work with. In order for this to work, trust must be established. Without trust, it is almost impossible to establish a business relation, especially nowadays.

G DATA Software AG, with its head office in Bochum, is an innovative and quickly expanding software house focusing on antivirus security solutions. As a specialist in Internet security and pioneer in the field of virus protection, the company, founded in Bochum in 1985, developed the first antivirus program more than 20 years ago and celebrated its 25th birthday in 2010. Consequently G DATA is amongst the eldest security software companies in the world.
Over more than five years, no other European security software provider has won national and international tests and awards more frequently than G DATA. When it comes to quality, G DATA is a world leader, combining the world’s best security technologies in its antivirus products. Examples of this are its DoubleScan technology, with two independent virus scanners, and OutbreakShield instant protection. G DATA security solutions are available worldwide in more than 90 countries.

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to Press Archive