Skip to main content

Security lapse exposed weak points on Honda’s internal network

An exposed database at automotive giant Honda allowed anyone to see which systems on its network were vulnerable to unpatched security flaws, potentially giving hackers insider knowledge of the company’s weak points.

The server contained 134 million rows of employee systems data from the company’s endpoint security service, containing technical details of each computer and device connected to the internal network.

There was no password on the database, allowing anyone to access and read the data.

The data included which operating system a user was running, its unique network identifiers and IP address, the status of the endpoint protection, and which patches were installed. That could allow an attacker to figure out which systems are at risk of certain vulnerabilities, or tailor attacks towards machines of interest using exploits known to target vulnerable devices. (We’re not naming the endpoint provider as it could prove useful for an attacker.)

In some cases the database would reveal the endpoint security status — including if a device was unprotected.

Security researcher Justin Paine found the exposed database earlier this month. He wrote up his findings and shared them exclusively with TechCrunch. The database was shut down hours after he made contact with the company.

“I thought this was a likely to be just a single Honda dealership,” Paine told TechCrunch. “The odds of that seemed far more likely than a database containing information related to all of Honda’s global network of employee machines.”

The database contained records on multiple Honda offices around the world, including Mexico, the U.K. and the U.S., said Paine.

He also found the chief executive’s computer in the logs, including which operating system he uses, the patches installed, and more. The records also included his email address and the last time he logged on.

“What makes this data particularly dangerous in the hands of an attacker is that it shows you exactly where the soft spots are,” said Paine. “This data contained enough identifiable information to make it extremely simple to locate specific high value employees and in the hands of an attacker this leaked data could be used to silently monitor for ways to launch very targeted attacks on those executives,” he said.

Honda spokesperson Marcos Frommer told TechCrunch: “The security of our data is critical to us, and we are continually reviewing our processes to ensure that our data is protected. We have investigated this specific issue and have taken steps to address the matter.”

“We will take appropriate actions in accordance with relevant laws and regulations, and will continue to work on proactive security measures to prevent similar incidents in the future,” said the spokesperson.

It’s the latest find by Paine in recent months. Earlier this year he found a huge database of call logs and SMS messages exposed on the internet, and also the viewing habits of a library and university streaming service.

Read more:



from TechCrunch https://ift.tt/2GDz6u1
via IFTTT

Comments

Popular posts from this blog

The Silent Revolution of On-Device AI: Why the Cloud Is No Longer King

Introduction For years, artificial intelligence has meant one thing: the cloud. Whether you’re asking ChatGPT a question, editing a photo with AI tools, or getting recommendations on Netflix — those decisions happen on distant servers, not your device. But that’s changing. Thanks to major advances in silicon, model compression, and memory architecture, AI is quietly migrating from giant data centres to the palm of your hand. Your phone, your laptop, your smartwatch — all are becoming AI engines in their own right. It’s a shift that redefines not just how AI works, but who controls it, how private it is, and what it can do for you. This article explores the rise of on-device AI — how it works, why it matters, and why the cloud’s days as the centre of the AI universe might be numbered. What Is On-Device AI? On-device AI refers to machine learning models that run locally on your smartphone, tablet, laptop, or edge device — without needing constant access to the cloud. In practi...

Apple’s AI Push: Everything We Know About Apple Intelligence So Far

Apple’s WWDC 2025 confirmed what many suspected: Apple is finally making a serious leap into artificial intelligence. Dubbed “Apple Intelligence,” the suite of AI-powered tools, enhancements, and integrations marks the company’s biggest software evolution in a decade. But unlike competitors racing to plug AI into everything, Apple is taking a slower, more deliberate approach — one rooted in privacy, on-device processing, and ecosystem synergy. If you’re wondering what Apple Intelligence actually is, how it works, and what it means for your iPhone, iPad, or Mac, you’re in the right place. This article breaks it all down.   What Is Apple Intelligence? Let’s get the terminology clear first. Apple Intelligence isn’t a product — it’s a platform. It’s not just a chatbot. It’s a system-wide integration of generative AI, machine learning, and personal context awareness, embedded across Apple’s OS platforms. Think of it as a foundational AI layer stitched into iOS 18, iPadOS 18, and m...

Max Q: Psyche(d)

In this issue: SpaceX launches NASA asteroid mission, news from Relativity Space and more. © 2023 TechCrunch. All rights reserved. For personal use only. from TechCrunch https://ift.tt/h6Kjrde via IFTTT