Developers: | Toyota |
Last Release Date: | 2022/11 |
Technology: | SRM - Supplier Relationship Management |
2023: Researcher's hacking of Toyota's global supplier information management system
A cybersecurity expert from the USA, Eaton Zveare, found 4 critical vulnerabilities in Toyota's systems in one week. This became known on February 8, 2023.
The flaws could have allowed the entire global supply chain of the carmaker and its suppliers to be compromised.
The specialist managed to hack Toyota's global supplier information management system (G-SPIMS) - a web application used by company employees and their suppliers to coordinate projects, procurement and other tasks related to Toyota's global supply chain.
The hack was pretty easy to execute. Zveare discovered a backdoor login mechanism on the website that allowed him to log in as a Toyota corporate user or supplier simply by knowing their email address.
As a result, he discovered the email address of the system administrator and was able to log into his account. The researcher then gained full control of Toyota's entire global system.
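As an added illustration (not code from Toyota or the researcher), this constructed Python sketch contrasts the kind of email-only login path described above with a login that actually verifies a credential; the accounts, emails and passwords are placeholders.

```python
import hashlib
import hmac
import secrets

def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(email: str, role: str, password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"email": email, "role": role, "salt": salt,
            "pw_hash": _hash_password(password, salt)}

# Constructed sample accounts; these are placeholders, not real addresses.
USERS = {u["email"]: u for u in [
    make_user("admin@example.invalid", "admin", "correct horse battery staple"),
    make_user("buyer@supplier.example.invalid", "supplier", "supplier-pass-1"),
]}
SESSIONS: dict = {}

def vulnerable_login(email: str):
    """Email-only 'backdoor' pattern: any known address gets a session."""
    user = USERS.get(email)
    if user is None:
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"email": email, "role": user["role"]}
    return token

def hardened_login(email: str, password: str):
    """Only issue a session after verifying the password hash."""
    user = USERS.get(email)
    # Always run the hash so unknown-email and wrong-password paths take similar time.
    salt = user["salt"] if user else b"\x00" * 16
    expected = user["pw_hash"] if user else b"\x00" * 32
    candidate = _hash_password(password, salt)
    if user is None or not hmac.compare_digest(candidate, expected):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"email": email, "role": user["role"]}
    return token

def whoami(token: str):
    """Resolve a session token back to the account it represents."""
    return SESSIONS.get(token)
```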
"I had full access to Toyota's internal projects, documents and user accounts, including Toyota's external partner/supplier accounts," the researcher said.
These external accounts included users from Michelin, Continental, Stanley Black & Decker, Timken and others. Zveare reported the problem to Toyota on November 3, 2022, and the company announced 20 days later that the problem had been fixed.
According to the specialist, if an attacker had discovered the problem, "the consequences could be serious": they could leak data, delete it or change it to disrupt Toyota's global operations.
Moreover, a cybercriminal could conduct a targeted phishing campaign to try to obtain login credentials for the corporate network. That would likely have put Toyota's other systems at risk as well.
"It's one thing to have more than 14,000 corporate emails and quite another to have more than 14,000 corporate emails and know exactly what they're working on/working on. If the supplying user has a habit of reusing passwords, it is possible that their own infrastructure could also be attacked," said the researcher[1].