Mercedes-Benz onboard logic unit (OLU) source code leaked
A problem in the security settings of a GitLab Git repository manager operated by Daimler, the automaker known for brands such as 'Mercedes-Benz', left source code visible to outsiders, software engineer Till Kottmann reported.
the leak is around 550 repos and very well documented.
— Till Kottmann (@deletescape) May 15, 2020
they are from one of the largest german corporations.
it's a hardware platform for a very specific usecase, but this leak should allow recreating it with low cost hardware.
https://t.co/T4cU8q003Q pic.twitter.com/pLk6nUH0me
— Till Kottmann (@deletescape) May 17, 2020
Many organizations use Git repository managers to manage their software projects, and Daimler, the automobile manufacturer behind brands such as 'Mercedes-Benz' and 'Unimog', is one of them. Daimler ran GitLab in-house and stored the OLU source code on it.
According to Daimler's site, the OLU is 'an innovative control unit that enables effective interaction between hardware and software.' By connecting the vehicle to the cloud, it lets users without vehicle expertise, for example, manage the vehicle easily, and lets third-party manufacturers easily and quickly develop applications and install them on the vehicle.
Mr. Kottmann found Daimler's GitLab while searching for interesting GitLab instances. Daimler's GitLab had a flaw in the confirmation process at account registration: an account could be registered even with the email address of an employee who does not exist at Daimler, so Mr. Kottmann was able to see more than 580 Git repositories.
Mercedes-Benz onboard logic unit (OLU) source code leaks online | ZDNet
https://www.zdnet.com/article/mercedes-benz-onboard-logic-unit-olu-source-code-leaks-online/
When the news site ZDNet reviewed the content, the material carried no license marking it as 'open source', so it is considered not to have been intended for disclosure to the outside. On the other hand, nothing in it stated that the material was proprietary technology. When Daimler was contacted about the information leak, it took the GitLab server down.