The popular German car brand Mercedes-Benz made a big mistake: the company accidentally exposed its source code and trade secrets. So, which software does the source code in question belong to? What exactly was the scope of the trade secrets the company exposed? Here are all the details about the subject…
All of Mercedes-Benz's trade secrets and source code have been exposed!
Security is indispensable, especially for large companies, and the German automotive company Mercedes-Benz needs to work a little more on this issue. The GitHub environment holding all of the brand's trade secrets and source code was left wide open.
Many firms that provide security services to large companies scan the internet unannounced, looking for exposures that affect brands. RedHunt Labs, a UK-based security company, was carrying out a scan for exactly this purpose when it discovered a GitHub repository containing Mercedes-Benz's trade secrets and source code.
In a statement on the issue, Shubham Mittal, co-founder of RedHunt Labs, said that they gained full access to the repository by using an authentication token. He underlined that this full access extends to documents considered "critical", such as the brand's future commercial plans and its concept and non-concept vehicle designs.
In addition, the company stated that it noticed the token during a scan in January and that the token had actually been published in September 2023. Through this GitHub repository exposure, the cloud system's access keys, API keys and additional passwords could also be obtained. It was also stated that an attack on Mercedes-Benz's information systems using all these passwords and keys could destroy the entire infrastructure.
Regarding the issue, an official from Mercedes-Benz stated that all the API tokens in question were canceled and that the pool that was open to the public was removed. But the token, which had not been audited since September, was publicly available for a long time. Questions such as who obtained what information during that time remain unanswered.