Mercedes-Benz onboard logic unit (OLU) source code

Cars, motorcycles, and anything else that moves would be completely helpless without at least some electronics. This section is for ideas, repairs and presentations from this field.

Posted by s54mtb » 21 May 2020, 08:23

https://www.zdnet.com/article/mercedes- ... ks-online/

Mercedes-Benz onboard logic unit (OLU) source code leaks online

Daimler allowed anyone to register on one of its on-premise GitLab servers.


The source code for "smart car" components installed in Mercedes-Benz vans has been leaked online over the weekend, ZDNet has learned.

The leak occurred after Till Kottmann, a Swiss-based software engineer, discovered a Git web portal belonging to Daimler AG, the German automotive company behind the Mercedes-Benz car brand.

Kottmann told ZDNet that he was able to register an account on Daimler's code-hosting portal, and then download more than 580 Git repositories containing the source code of onboard logic units (OLUs) installed in Mercedes vans.

What's an OLU?

According to the Daimler website, the OLU is a component that sits between the car's hardware and software, and "connects vehicles to the cloud."

Daimler says the OLU "simplifies technical access and the management of live vehicle data" and allows third-party developers to create apps that retrieve data from Mercedes vans.

These apps are usually employed for features such as tracking vans while on the road, tracking a van's internal status, or for freezing vans in case of theft.

Unsecured GitLab installation leaks OLU code

Kottmann told ZDNet in an interview today that he found Daimler's GitLab server using something as simple as Google dorks (specialized Google search queries).

GitLab is a web-based software package that companies use to centralize work on Git repositories.

Git is specialized software for keeping track of changes in source code and allows multi-person engineering teams to write code and then synchronize it to a central server -- in this case, Daimler's GitLab-based web portal.

"I often just hunt for interesting GitLab instances, mostly with just simple Google dorks, when I'm bored, and I keep being amazed by how little thought seems to go into the security settings," Kottmann told ZDNet.

"This was honestly just a very lucky find while I was going through some brand names I hadn't checked before in hopes of finding like some small contractors or something."

Kottmann says Daimler failed to implement an account confirmation process, which allowed him to register an account on the company's official GitLab server using a non-existent Daimler corporate email.

The researcher says he downloaded more than 580 Git repositories from the company's server, which he made publicly available over the weekend, uploading the files in several locations such as file-hosting service MEGA, the Internet Archive, and on his own GitLab server.


Repo:
https://git.rip/exconfidential/daimler
Instead of "Thank you" I also accept a cup of coffee: https://www.buymeacoffee.com/s54mtb
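For administrators of a self-hosted GitLab, the sign-up weakness described in the quoted article can be checked from the instance's own settings. The following is an added example, not part of the original post or the article: it audits a settings document shaped like the output of GitLab's application settings API. The sample values and the `corp.example` domain are constructed, and which of the two confirmation fields an instance reports depends on its GitLab version.

```python
import json

# Constructed sample shaped like GET /api/v4/application/settings (admin token).
# It is NOT data from the server described in the article.
SAMPLE_SETTINGS = json.loads("""
{
  "signup_enabled": true,
  "send_user_confirmation_email": false,
  "require_admin_approval_after_user_signup": false,
  "domain_allowlist": ["corp.example"]
}
""")


def audit_signup(settings):
    """Return a list of findings about who can self-register on this instance."""
    findings = []
    if not settings.get("signup_enabled", False):
        return findings  # no self-registration, nothing else to check

    # Newer releases report email_confirmation_setting ("off"/"soft"/"hard");
    # older ones report the boolean send_user_confirmation_email.
    mode = settings.get("email_confirmation_setting")
    if mode is not None:
        confirmed = mode == "hard"  # "soft" still lets unconfirmed users sign in
    else:
        confirmed = bool(settings.get("send_user_confirmation_email", False))
    approval = bool(settings.get("require_admin_approval_after_user_signup", False))
    allowlist = settings.get("domain_allowlist") or []

    if not confirmed:
        findings.append("email address is not confirmed before the account is usable")
        if allowlist:
            # Without confirmation an allowlist only checks the string, so a
            # non-existent address at an allowed domain is accepted.
            findings.append("domain allowlist is bypassable: any made-up address at "
                            + ", ".join(allowlist) + " is accepted")
    if not allowlist:
        findings.append("sign-up is open to every email domain")
    if not approval:
        findings.append("new accounts are active without administrator approval")
    return findings


if __name__ == "__main__":
    for finding in audit_signup(SAMPLE_SETTINGS):
        print("FINDING:", finding)
```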