>

Data breach exposes trade secrets of carmakers GM, Ford, Tesla, Toyota

Data breach exposes trade secrets of carmakers GM, Ford, Tesla, Toyota

Security researcher UpGuard Cyber Risk disclosed Friday that sensitive documents from more than 100 manufacturing companies, including GM, Fiat Chrysler, Ford, Tesla, Toyota, ThyssenKrupp, and VW were exposed on a publicly accessible server belonging to Level One Robotics.

The exposure via Level One Robotics, which provides industrial automation services, came through rsync, a common file transfer protocol that’s used to backup large data sets, according to UpGuard Cyber Risk. The data breach was first reported by the New York Times.

According to the security researchers, restrictions weren’t placed on the rsync server. This means that any rsync client that connected to the rsync port had access to download this data. UpGuard Cyber Risk published its account of how it discovered the data breach to show how a company within a supply chain can affect large companies with seemingly tight security protocols.

This means if someone knew where to look they could access trade secrets closely protected by automakers. It’s unclear if any nefarious actors actually got their hands on the data. At least one source at an affected automaker told TechCrunch it doesn’t not appear that sensitive or proprietary data was exposed.

UpGuard’s big takeaway in all of this: rsync instances should be restricted by IP address. The researchers also suggest that user access to rsync be set up so that clients have to authenticate before receiving the dataset. Without these measures, rsync is publicly accessible, the researchers said.

The breach exposed 157 gigabytes of data—a treasure trove of 10 years of assembly line schematics, factory floor plans and layouts, robotic configurations and documentation, ID badge request forms, VPN access request forms. The breach even included sensitive non-disclose agreements, including one from Tesla.

Personal details of some Level One employees, including scans of driver’s licenses and passports, and Level One business data, including invoices, contracts, and bank account details.

The security team discovered the breach July 1. The company successfully reached Level One by July 9 and the exposure was closed by the following day.

Data breach exposes trade secrets of carmakers GM, Ford, Tesla, Toyota
Source: TechCrunch

WhatsApp limits message forwarding in bid to reduce spam and misinformation

WhatsApp limits message forwarding in bid to reduce spam and misinformation

In a bid to cut down on the spread of false information and spam, WhatsApp recently added labels that indicate when a message has been forwarded. Now the company is sharpening that strategy by imposing limits on how many groups a message can be sent on to.

Originally, users could forward messages on to multiple groups, but a new trial will see that forwarding limited to 20 groups worldwide. In India, however, which is WhatsApp’s largest market with 200 million users, the limit will be just five. In addition, a ‘quick forward’ option that allowed users to pass on images and videos to others rapidly is being removed from India.

“We believe that these changes — which we’ll continue to evaluate — will help keep WhatsApp the way it was designed to be: a private messaging app,” the company said in a blog post.

The changes are designed to help reduce the amount of information that goes viral on the service, although clearly this isn’t a move that will end the problem altogether.

The change is in direct response to a series of incidents in India. The BBC recently wrote about an incident which saw one man dead and two others severely beaten after rumors of their efforts to abduct children from a village spread on WhatsApp. Reportedly 17 other people have been killed in the past year under similar circumstances, with police saying false rumors had spread via WhatsApp.

In response, WhatsApp — which is of course owned by Facebook has bought full-page newspaper ads to warn about false information on its service.

Beyond concern about firing up vigilantes, the saga may also spill into India’s upcoming national general election next year. Times Internet today reports that Facebook and WhatsApp plan to introduce a fake news verification system that it used recently in Mexico to help combat spam messages and the spreading of incorrect news and information. The paper said that the companies have already held talks with India’s Election Commission.

WhatsApp limits message forwarding in bid to reduce spam and misinformation
Source: TechCrunch

Alibaba boosts its offline reach with $2B+ investment in outdoor digital marketing firm

Alibaba boosts its offline reach with B+ investment in outdoor digital marketing firm

Alibaba is investing big bucks into offline distribution. The Chinese e-commerce giant has forked out $2.23 billion in exchange for a sizeable piece of Focus Media, a Shanghai-based company that operates outdoor digital advertising screens across China, Singapore and Hong Kong, according to a U.S. filing.

The deal itself is broken up into a few pieces. Alibaba itself is paying $1.43 billion for a 6.62 percent share of Focus Media, which is listed in Shanghai, It is also spending $504.7 million to buy 10 percent of an entity (managed by Focus Media founder and chairman Jason Nanchun Jiang) which controls 23.34 percent of Focus Media.

In addition, an Alibaba-aligned fund called ‘New Retail Strategic Opportunities’ is buying 1.37 percent of Focus Media, while Alibaba itself is planning to exercise an option to buy five percent more of the business over the next twelve months. That additional transaction will add another $1 billion or so to the total investment, dependent, of course, on Focus Media’s stock price.

That’s quite a mouthful but the objective of the deal is simpler to grok: Alibaba already has a formidable online channel to interact with consumers and now it is expanding what it can do offline.

Focus Media currently claims to reach 200 million middle-class consumers across 300 Chinese cities via its outdoor advertising platform, which includes digital screens in streets, in subways and in elevators. The company plans to grow that to 500 million people across 500 cities, and that ties into Alibaba’s online-to-offline strategy, which it also calls ‘New Retail.’

That has seen the company buy up expensive stakes in offline retail businesses with the goal of marrying the benefits of online shopping — such as quick delivery, easy to find products and easy payment — with the customer experience of brick and mortar stores, like in-person customer service and try-before-you-buy.

It isn’t hard to imagine a scenario in which a consumer sees a product advertised via Focus Media with the option to buy it, or arrange to see it in a store, simply by scanning a QR code. (Lest you forgot, QR codes are huge in China and a very key component in online/offline shopping.)

Beyond the New Retail push, the distribution provided by Focus Media offers sellers on Alibaba’s e-commerce platform an alternative avenue through which to reach potential customers, particularly within China’s growing middle class.

Will people reject being bombarded with ads on their commute or downtime, especially when they could just open an app on their phone? Alibaba likely isn’t keen to take the risk, and given the vast amount of cash it is sitting on this deal isn’t going to be a huge risk.

Alibaba boosts its offline reach with B+ investment in outdoor digital marketing firm
Source: TechCrunch