Mercedes smart car component source code leaked
According to a new report, the source code for "smart car" components installed in Mercedes cars leaked onto the Internet this weekend. The leak occurred when software developer Till Kottmann discovered a GitLab portal belonging to Daimler, the German company that builds Mercedes vehicles.
The developer was able to register an account on Daimler's code-hosting portal and then download more than 580 software repositories from the GitLab server, which contain the source code of the OLU installed in Mercedes cars.
Onboard logic unit (OLU):
According to the Daimler website, OLU is a component of vehicle hardware and software that connects the vehicle to the cloud.
According to Daimler, the OLU component simplifies technical access and direct management of vehicle data and enables third-party developers to create applications that can be used to retrieve data from Mercedes trucks.
These applications are widely used to perform functions such as tracking trucks on the road, monitoring the truck's internal conditions, or immobilizing the truck in case of theft.
Kottmann used a special Google search query to find Daimler's GitLab server. The developer said that Daimler's account verification process was not complete, which allowed him to use a Daimler email address to register an account on the company's official GitLab server.
GitLab is a web-based software package that enables companies to centralize their work on Git repositories. Git is a specialized program for tracking changes in source code that allows engineering teams of multiple people to write code and sync their copies with a central server.
None of the leaked Git repositories contains an open source license, which indicates that this is private information and should not be shared.
The leaked information includes the OLU source code for Mercedes trucks as well as internal Daimler components, internal documentation and code examples for managing remote OLUs.
Although the leak initially seemed harmless, a review of the leaked data turned up Daimler internal passwords and API tokens, which could be used to plan a future intrusion into Daimler's cloud and intranet.