Everyone has a different tolerance level for scary movies. The strong of heart all flocked to the theater this past weekend to see Stephen King’s “It”, which made 117.2 million dollars on it’s opening weekend. Apparently many are strong of heart. Not only is the movie a remake of the 1991 classic, the 1991 classic and the recent box office success is based on the popular novel by Stephen King, originally published in 1986. Does a 30 year old plot line from a book which has been made into two different movies mean it’s no longer scary? Would another news story of a cybersecurity leak scare you? That’s what I thought. We know it’s coming. New stories are told all the time. It’s the same plotline. But anytime you hear that the passwords for tracking devices in over 540,000 cars has been leaked online, you’re gonna get a little freaked out.
That’s the most recent cybersecurity story to hit the news wire. Over half a million cars that use SVR tracking, a vehicle tracking device company has been leaked. This exposes much more than make and model. It includes personal data of the drivers and precise vehicle details that makes the cars and drivers vulnerable to potential attacks.
This story comes directly on the heels of the dramatic Viacom breach, where they literally left their credentials for their cloud service hosted by Amazon Web Services open to the public.
The same happened to a storage bucket within Amazon Web Services cloud server, with a cache that belonged to SVR Tracking. This storage bucket was left open and accessible to the public for an undetermined amount of time. The breach was first discovered by Kromtech Security Center.
Sensitive information that was exposed includes license plate numbers, vehicle identification numbers (VIN numbers), IMEI numbers connected to individual GPS systems, emails and even hashed passwords.
In order to understand how dangerous this information can be when in the wrong hands, we need to understand how useful this information can be when in the right hands. SVR Tracking stands for Stolen Vehicle Records tracking. The idea is that you attach the tracking device in a discreet location, and if your car is stolen, you’re able to track the movements and location of your car in real time.
Now imagine that information in the wrong hands. The hacker is now able to track you in real time, configuring a log of all your whereabouts, habits, and patterns. This leaves your car vulnerable if you leave for a business trip, or even your home vulnerable if the hacker can tell when you’re at work. Just to make matters worse, the information given to the hackers lets them know where exactly on the car the tracking device is located. So now if your car is stolen, you can’t even use the tracking device that you paid for in order to help you out in such a case.
The AWS storage bucket has been corrected, and is no longer leaking classified information. However the breach just reminds us of the threat of cybersecurity. And it doesn’t matter how many times you’ve seen this movie. Just like Stephen King’s, “It” – it will still scare the hell out of you.