UPDATED 23:09 EDT / JULY 22 2018

Robotics company data breach exposes trade secrets of Tesla and leading car makers

A data breach at a leading Canadian robotics company has exposed the trade secrets of a range of leading automakers and Tesla Inc. in what appears to be yet another case of misconfigured storage.

The breach was discovered by security researchers at UpGuard Inc., which announced it Friday. The data was found via rsync, a common file transfer protocol for mirroring or backing up large data sets, which was in use by Level One Robotics and Controls Inc.

The data sets included data from more than 100 manufacturing companies, including General Motors Co., Fiat Chrysler Automobiles N.V., Ford Motor Co., Tesla Inc., Toyota Motor Corp., ThyssenKrupp AG and Volkswagen AG. The data varied by file and company but is said to have fallen into three categories:

  • Customer data: assembly line and factory schematics; non-disclosure agreements; robotic configurations, specifications, animations, and blueprints; ID badge and VPN access request forms; customer contact information
  • Employee data: driver’s license and passport scans, ID photos (likely for badges); employee names and ID numbers
  • Level One data: contracts, invoices, price negotiations and scopes of work, customer agreements

As if the exposure of the data weren’t bad enough, the UpGuard researchers noted that the permissions set on the rsync server at the time of the discovery indicated that the server was publicly writable, “meaning that someone could potentially have altered the documents there, for example replacing bank account numbers in direct deposit instructions or embedding malware.”

UpGuard informed Level One Robotics of the data breach on July 9 and the company quickly removed the data from online access, but it isn’t known whether nefarious actors had accessed the data prior to that point.

Fred Kneip, chief executive officer at CyberGRX Inc., told SiliconANGLE that as organizations’ digital ecosystems have expanded to include hundreds or even thousands of vendors, contractors, customers and suppliers, it’s more apparent than ever that third-party cyberrisk needs to be continuously managed.

“If you don’t understand which third parties with access to your network present the greatest risk to your data, your digital ecosystem becomes a ticking time bomb just waiting to be exploited,” Kneip explained. “That’s exactly what happened to Toyota, Tesla and Volkswagen. It’s just one vulnerability in one of thousands of suppliers, but the impact could be enormous.”
