Automotive giant Honda has shut down an exposed database that contained sensitive information about the security — specifically the weak points — of its internal network.

Security researcher Justin Paine discovered the sensitive information after scouring the internet with Shodan, a specialist search engine which can be used to find exposed internet-enabled devices such as webcams, routers and IP phones.

What Paine found was an ElasticSearch database that was accessible without any authentication.

The data contained within this database was related to the internal network and computers of Honda Motor Company. The information available in the database appeared to be something like an inventory of all Honda internal machines. This included information such as machine hostname, MAC address, internal IP, operating system version, which patches had been applied, and the status of Honda’s endpoint security software.

As Paine explains, what makes such information “particularly dangerous in the hands of an attacker is that it shows you exactly where the soft spots are.”

Reading the data, the researcher was able to identify which endpoint security vendor was used to protect Honda’s computers, which machines had security software installed and enabled, and which were up to date (and thus, which were not).

Furthermore, Paine claims that it was “extremely simple” to locate specific employees, including high-value employees such as the CEO, CFO or CSO, and launch highly targeted attacks.

Paine also pointed out that being able to identify which computers were less likely to identify or block attacks could “very easily be the open door into the entire network.”

Thankfully, Paine acted responsibly. He contacted Honda’s security team, who responded rapidly by locking down access to the database. Honda issued a statement thanking the researcher for his assistance and issuing a reassurance that it did not believe others had accessed (Read more...)