Nissan source code leaked online
In the beginning of January (Jan. 4), it was reported that source code of mobile apps and internal tools developed and used by Nissan North America was circulating the Internet. Apparently, the data have been shared on Telegram channels and different forums for hackers in the form of torrent links.
The reason of the online leakage was a misconfiguration of one of the automaker’s Bitbucket Git servers, as its default username/password was set to admin/admin. Accordingly, the Git repository contained the source code of:
• Nissan NA Mobile apps
• some parts of the Nissan ASIST diagnostics tool
• the Dealer Business Systems/Dealer Portal
• Nissan internal core mobile library
• Nissan/Infiniti NCAR/ICAR services
• client acquisition and retention tools
• sale/market research tools + data
• various marketing tools
• the vehicle logistics portal
• vehicle connected services/Nissan connect things
• and various other backends and internal tools
A Nissan spokesman has confirmed the incident and, in a response for a comment, said:
“Nissan conducted an immediate investigation regarding improper access to proprietary company source code. We take this matter seriously and are confident that no personal data from consumers, dealers or employees was accessible with this security incident. The affected system has been secured, and we are confident that there is no information in the exposed source code that would put consumers or their vehicles at risk.”
The Git server has been taken offline by Nissan, according to ZDNet.
Written by Joakim Rosell
Related Articles
Related
Data Spaces Symposium 2024
Data Spaces Symposium (DSS) 2024 took place at Darmstadtium, Frankfurt between March 12-14. Some key highlights from the event: - Strategic Insights from European Commission Speakers:European Commission speakers provided strategic insights into the Data Act and the...
Foundation Models and Cybersecurity
ChatGPT got quite much attention in the last months. The release of GPT4 demonstrated once more the potential of foundation models. There have been many discussions and proposals on how natural language processing (NLP) can be used, e.g., the chat-bot functionality in...
Concerns Over the Cybersecurity Of Electric Vehicle Charging Infrastructure
Last summer a technical report from a project that intended to provide the power, security, and automotive industry a strong technical basis for securing the EV charging infrastructure by developing threat models, determining technology gaps, and identifying or...