2017-09-12Kromtech Discovers Massive Elasticsearch Infected Malware Botnet
The Kromtech Security Center has discovered a repository that appears to be connected to the vehicle recovery device and monitoring company SVR Tracking. Researchers discovered a misconfigured Amazon AWS S3 bucket that was left publically available. The breach has exposed information about their customers and re-seller network and also the physical device that is attached to the cars. The repository contained over a half of a million records with logins / passwords, emails, VIN (vehicle identification number), IMEI numbers of GPS devices and other data that is collected on their devices, customers and auto dealerships. Interestingly, exposed database also contained information where exactly in the car the tracking unit was hidden. The “SVR” stands for 'stolen vehicle records". What was discovered? A Backup Folder called “accounts” contained 540,642 ID numbers, account information that included many plate & vin numbers, emails, hashed passwords, IMEI numbers and more. 71,996 (02/2016) 64,948 (01/2016) 58,334 (12/2015 53,297 (11/2016 51,939 (10/2016) 41,018 (9/2016) 35,608 (8/2016) 31,960 (7/2016) 31,054 (6/2016) 29,144 (5/2016) 38,960 (4/2016) 32,384 (3/2016) 116 GB of Hourly Backups 8.5 GB of Daily Backups from 2017 339 documents called “logs” that contained data from a wider date range of 2015-2017 UpdateAllVehicleImages, SynchVehicleStatus, maintenance records. Document with information on the 427 dealerships that use their tracking information. The overall number of devices could be much larger given the fact that many of the resellers or clients had large numbers of devices for tracking. Detailed Tracking 24hrs a Day, Even if The Car Is Not Stolen or Missing The software monitors everywhere the car has been back as far as 120 days, including a terrifying feature that pinpoints on the map all of the places a driver has visited. There is even an option that will show anyone with login credentials the top stops or locations where the vehicle has been. There is a “recovery mode” that can pinpoint every 2 min or create zone notifications. They claim to have a 99% success rate on recovery but what about when the customer logins and passwords for thousands of unsuspecting drivers are leaked online? According to their website “The SVR Tracking service enables lot owners to locate and recover their vehicles with live, real-time tracking and provides stop verification, enabling them to determine potential locations for their vehicles. Alerts will flag owners, making them aware of events of interest. The application dashboard provides real-time graphs and detailed vehicle data suited to tighter control and accurate measurements of vehicle activity.” The software can be accessed from any internet connected device like a desktop, laptop, mobile phone or tablet. The tracking unit is located by satellite and sends the information to their servers via the GPRS Data Network. In the age where crime and technology go hand in hand, Imagine the potential danger if cyber criminals could find out where a car is by logging in with the credentials that were publically available online and steal that car? Shortly after sending responsible disclosure note, bucket has been secured, however, no words from the company. In 2012 there were an estimated 721,053 automobiles stolen in the United States. Attention - Portions of this article may be used for publication if properly referenced and credit is given to Kromtech Security Center. Do you have security tips or suggestions? Contact: firstname.lastname@example.org
Subscribe for the latest security news and discoveries
Thank you for subscribing to our Newsletter. To finish the subscription process, please visit your email.