
Insecure server in Level 1 Robotics exposes trade secrets of Tesla, GM, Ford and many more

ItsMitch

S: Up Guard Security

 

What the hell happened?

Most car manufacturers are now using robotics to help aid them in the manufacturing process, and that manufacturing process requires servers to hold the data the robots need to read from. In this instance, Level One Robotics had an insecure server that had no password or IP restrictions on the rsync server. There was a grand total of 157 GB of files located, with over 10 years of assembly line schematics, factory floor layouts and much, much more.

Quote

On July 1st, 2018 the UpGuard Cyber Risk team discovered the exposed rsync server and began analysis. After ownership was determined, attempts to contact Level One were begun on July 5th. After successful contact with Level One on July 9th, the exposure was promptly closed by July 10th. Level One took the exposure very seriously and made every effort to shut it down immediately upon notification.

 

Rsync is a widely used utility for large data transfers, especially backups or keeping files in sync in multiple locations. However, like most tools of its kind, it can be used insecurely if the proper steps are not taken to restrict the rsync service. The details of rsync security can be found in our blog post here, but in summary: rsync instances should be restricted by IP address so that only designated clients can even connect, and user access should be set up so that clients must authenticate before receiving the dataset. Without these measures, rsync is publicly accessible.

What exactly was found?

Consumer:

Well, customer data for one, hundreds of NDA documents, robotic configurations, specifications, exact blueprints to the machines, IDs, VPN access request forms and customer contact information.

Employee:

Driving license, passport scans, ID photos, employee names and ID numbers.

Level One:

Contract, invoices, price negotiations

A screenshot of the "Customers" folder contained in the Level One data set.

 

Timeline:

Exploit located on the 1st of July

Attempted to reach out to Level 1 Robotics on the 5th of July

Level 1 Robotics respond on the 9th of July

Exploit was patched out on the 10th of July

Press is informed on the 20th of July.


1 hour ago, Christophe Corazza said:

This is a good reminder to all of us to take a moment this weekend and change ‘password’ to ‘password1'.

You need also capital letters and symbols, "Password1!" is so much more secure.

 

Another question is why this server with authorisation disabled was even connected to the internet. I am surprised that the people who forgot to even enable a password could manage port forwarding (if they just enabled UPnP, the tech guy who set it up should be rehired to be fired again).


45 minutes ago, ScratchCat said:

You need also capital letters and symbols, "Password1!" is so much more secure.

 

Another question is why this server with authorisation disabled was even connected to the internet. I am surprised that the people who forgot to even enable a password could manage port forwarding (if they just enabled UPnP, the tech guy who set it up should be rehired to be fired again).

They declined to comment to the press; they are just blanking any kind of request for comment.


Somebody has lost (or will lose) their job over this.

 

Obviously a big screw-up that was easy to avoid. Most likely whoever set up the rsync config was a novice, or was pressed for time, etc. No excuse, but when you're a big IT team, oftentimes there's no time to check others' work.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 


Wow that's horrible for the employees :(

 

However, I can't help but be very excited at what leaps in technology we might suddenly see with all those trade secrets now being essentially public knowledge...

 

nvm

Edited by Ryan_Vickers

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


6 hours ago, Ryan_Vickers said:

Wow that's horrible for the employees :(

 

However, I can't help but be very excited at what leaps in technology we might suddenly see with all those trade secrets now being essentially public knowledge...

Well I didn’t see any confirmation that data was actually stolen. It’s quite possible though. 


5 minutes ago, Jito463 said:

Or go "leet" and use 'P4ssw0rd'.

Not leet enough.

P4$$w0rd

There, if they asked us, we could've saved that person's job :D


1 hour ago, dalekphalm said:

Well I didn’t see any confirmation that data was actually stolen. It’s quite possible though. 

Correct, only person that had access to the data was Up Guard Security. 


23 minutes ago, SC2Mitch said:

Correct, only person that had access to the data was Up Guard Security. 

Unless someone had previously discovered the open nature of the server.  Without a thorough examination of the server logs, there's no way to be certain of that.


5 hours ago, dalekphalm said:

Well I didn’t see any confirmation that data was actually stolen. It’s quite possible though. 

Oh, gonna be honest, I totally missed that this was found by a security team.  The title is "data breach" after all which isn't accurate if no data left the company, so that needs to be changed then @SC2Mitch


3 minutes ago, Ryan_Vickers said:

Oh, gonna be honest, I totally missed that this was found by a security team.  The title is "data breach" after all which isn't accurate if no data left the company, so that needs to be changed then @SC2Mitch

Removed 2 words, replaced with two better words :) 


2 hours ago, Ryan_Vickers said:

Oh, gonna be honest, I totally missed that this was found by a security team.  The title is "data breach" after all which isn't accurate if no data left the company, so that needs to be changed then @SC2Mitch

I actually wonder if the "Security Team" took a copy of the data. They obviously took a screenshot. They must have at least opened up a few folders and/or files since they were able to identify types of content in a fairly detailed manner.

 

I would expect that they deleted any data that they downloaded out of respect (and legal reasons).


1 minute ago, dalekphalm said:

I actually wonder if the "Security Team" took a copy of the data. They obviously took a screenshot. They must have at least opened up a few folders and/or files since they were able to identify types of content in a fairly detailed manner.

 

Yeah, they looked at a few NDAs designed by Tesla & driver licenses and other companies, I'm sure they totally didn't take a few copies for themselves


Quote

Insecure server in Level 1 Robotics

 

Did it feel the other servers didn't like it, or was it more just a social anxiety?

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


5 minutes ago, mr moose said:

Did it feel the other servers didn't like it, or was it more just a social anxiety?

Socially mainly, it was fairly lonely, especially at nights. :(


1 minute ago, SC2Mitch said:

Socially mainly, it was fairly lonely, especially at nights. :(

It may also have been at the bottom of the rack, perpetually feeling like it could never get on top of things.


1 hour ago, mr moose said:

 

Did it feel the other servers didn't like it, or was it more just a social anxiety?

lol yeah perhaps that should be "unsecured"


Scary af. There's not even a list of what companies this affected? Just that there were over a hundred? =/

Also, wtf they were able to WRITE to the server too... so someone could've maliciously modified plans, schematics, etc.

I really hope no one got in, however, given the scale of cyber warfare... I highly doubt it.

A society's accepted views of the world surrounding said society is both the making and undoing of society itself.
“While one person hesitates because he feels inferior, the other is busy making mistakes and becoming superior.” - Henry C. Link


3 minutes ago, Ryan_Vickers said:

lol yeah perhaps that should be "unsecured"

can be argued for both

Quote

Insecure means lacking in security. Unsecured means not secured, not fastened, or not guaranteed.

but w/e, not arguing. 

Just now, DKL said:

Scary af. There's not even a list of what companies this affected? Just that there were over a hundred? =/

Think there's a list, I'll have a look. 


1 minute ago, SC2Mitch said:

can be argued for both

but w/e, not arguing.

I don't really care one way or another but that would be my suggestion
