{"id":14492,"date":"2020-05-20T07:08:22","date_gmt":"2020-05-20T05:08:22","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14492"},"modified":"2021-10-12T12:25:00","modified_gmt":"2021-10-12T10:25:00","slug":"security-incident-source-code-for-mercedes-olu-leaked","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/05\/20\/security-incident-source-code-for-mercedes-olu-leaked\/","title":{"rendered":"Security incident: Source Code for Mercedes OLU leaked"},"content":{"rendered":"

[German<\/a>]There has been a security incident at Mercedes Benz. A Swiss engineer found a GitLab server where he could create an account and then access the source code of onboard logic units (OLUs). These OLUs are built into the new 'Smart Car' models of the Mercedes-Benz VANs (Vito, eVito) and allow the use of Daimler digital services. <\/p>\n

<\/p>\n

Mercedes-Benz: Digitalization in transport sector<\/h2>\n

\"\"First a few words about OLUs. Onboard Logic Units (OLUs) are electronic control units that are also used in Mercedes-Benz vehicles (Smart Car). Mercedes Benz VANS describes their purpose in the project 'Digitalization in the transport sector' in this German blog post<\/a>. There they wrote:<\/p>\n

\n

The current generation of the Sprinter (VANs) came onto the market as a fully networked vehicle just over a year ago. With it – and now also with the Vito and eVito models – the Mercedes PRO connect services can be used. <\/p>\n<\/blockquote>\n

The networking solution from Mercedes-Benz enables customers to control orders online and to request vehicle information such as location, tank level or maintenance intervals in almost real time. Among other things, transport companies can reduce downtimes through forward-looking maintenance and repair management. At the same time, Mercedes-Benz also enables a business management analysis of the fleet. According to the blog post, fleet operators from small businesses to major customers use the services of Mercedes PRO. In July 2019 almost every second new Sprinter customer had activated one or more services.<\/p>\n

Access to the source code<\/h2>\n

Daimler has stored the source code of  the software for this onboard logic units on a GitLab server so that developers can access it. <\/p>\n

\n

A Swiss software engineer found the server using Google dorks and then registered an account — because Daimler didn't limit the registration process to Daimler corporate emails.<\/p>\n

He then downloaded 580 of Daimler's OLU repos. pic.twitter.com\/9oxbqS3PqT<\/a><\/p>\n

\u2014 Catalin Cimpanu (@campuscodi) May 18, 2020<\/a><\/p><\/blockquote>\n