According to a report, Tata Motors has fixed various vulnerabilities discovered in its two public-facing websites, namely E-Dukaan and FleetEdge, in 2023. The issues were revealed by a cybersecurity researcher, who recently shared details about the flaws. The researcher discovered the flaw in two platforms owned by Tata Motors in 2023. He claimed that the security flaw gave him access to Amazon Web Services (AWS) keys, which could have allowed hackers to download company data and upload unauthorized files on Amazon servers.
Tata Motors has discovered and fixed security flaw in 2023
Security researcher Eaton Zveare revealed in a blog post that he discovered various security vulnerabilities in the Indian auto giant Tata Motors’ electronic spare parts market (named E-Dukaan) in 2023.
Another public-facing website vulnerable to cyberattacks is FleetEdge, Tata Motors’ fleet management and tracking solution. The researcher shared details of the four most significant flaws he found on the website.
Tata Motors told TechCrunch that the reported vulnerabilities were discovered the same year and “fully addressed.”
Zveare highlighted that Tata Motors’ E-Dukaan and FleetEdge leaked AWS keys in plain text, which could be misused by bad actors to download user files hosted on Amazon’s cloud service, “upload malicious content” and rack up significant server costs. Additionally, these consumer-facing websites are said to be hosting more than 70TB of data, containing sensitive customer information.
The researcher also said that Tata Motors introduced a vulnerability in data analysis tool Tableau that provided backdoor access to cybersecurity researchers. Zveare claims he was able to log in as a server administrator without a password and revealed details about “internal projects, financial reports and dealer dashboards.”
The company also told TechCrunch that its cybersecurity infrastructure is regularly audited by leading companies, and that the company maintains access logs to see if anyone has managed to gain unauthorized access to its databases. The auto giant reportedly said it is actively working with industry experts and security researchers to strengthen its online infrastructure while ensuring timely mitigation of cyberattacks.
Tata Motors is India’s leading automaker, with operations in 125 countries, according to its website. It initially produced commercial vehicles and later expanded into passenger vehicles. It also has a large share of the four-wheel electric vehicle (EV) market in the country.
Connected car features are available on most top-tier models, providing location data, speed and the owner’s personal details on the owner’s phone. This data is primarily transmitted via the company’s servers. Therefore, it is crucial for the automotive giant to promptly identify and patch such defects.
