Tata Motors patched the security flaws in 2023, shortly after they were discovered by a security researcher, according to a report.
Tata Motors fixed the security vulnerabilities in 2023
Photo Credit: Reuters
Tata Motors has fixed various vulnerabilities found in two of its public-facing websites in 2023, namely E-Dukaan and FleetEdge, according to a report. The issues were brought to light by a cybersecurity researcher, who recently shared details about the flaws. The researcher discovered the flaws in two Tata Motors-owned platforms in 2023. He claimed that the security vulnerability gave him access to the Amazon Web Service (AWS) keys, which could potentially allow a hacker to download company data and upload unauthorised files on Amazon's servers.
In a blog post, security researcher Eaton Zveare revealed that he discovered various security vulnerabilities in Indian automotive giant Tata Motors' e-marketplace for spare parts, dubbed E-Dukaan, in 2023.
Another public-facing website that was found to be vulnerable to cyberattacks was FleetEdge, Tata Motors' fleet management and tracking solution. The researcher has shared details about the four most significant flaws that he came across on the website.
Tata Motors told TechCrunch that these reported vulnerabilities were identified and “fully addressed” in the same year.
Zveare highlighted that Tata Motors' E-Dukaan and FleetEdge revealed the AWS keys in plain text, which can be misused by bad actors to download a user's files hosted on Amazon's cloud service, “upload malicious content”, and accumulate large bills in server costs. Moreover, these consumer-facing websites are said to host more than 70TB of data with sensitive customer information.
The researcher also said that Tata Motors introduced a vulnerability in the data analytics tool Tableau, which gave backdoor access to the cybersecurity researcher. Zveare claims that he was able to log in as the server admin without a password, revealing details regarding “internal projects, financial reports, and dealer dashboards”.
The company also told TechCrunch that its cybersecurity infrastructure is audited at regular intervals by leading firms and that the firm maintains access logs to see whether somebody has managed to gain unauthorised access to its database. The automotive giant reportedly said that it actively works with industry experts and security researchers to strengthen its online infrastructure, while ensuring timely mitigation of cyberattacks.
Tata Motors is a leading vehicle manufacturer in India and the firm is also present in 125 countries, according to its website. It started with manufacturing commercial vehicles and later expanded into the passenger vehicles segment. It also commands a large four-wheeler electric vehicle (EV) market share in the country.
Most top-of-the-line variants of cars offer connected car features, providing location data, speed, and the owner's personal details on the owner's phone. This data is mostly routed through the company's servers. Hence, it becomes pertinent for automotive giants to timely identify and patch such flaws.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.