Oracle is working hard to be a SaaS vendor that matters, whether with its new autonomous database service or getting involved with blockchain. Today, the database giant announced a new blockchain service at Oracle OpenWorld that aims to give enterprise customers who want to get involved with the blockchain, a fully managed approach. “There are not a lot of production-ready… Read More
Oracle came late to the cloud and it’s been playing catch-up in recent years trying to add a wide range of services that customers are going to be demanding from a cloud vendor. To that end, the company added artificial intelligence as a service to its dance card today at Oracle OpenWorld. The company has been busy today with a flurry of announcements including a new autonomous database as… Read More
ServiceNow is best known for helping large organizations organize field service and help desk activity. Today it bought design firm Telepathy because it knows that offering enterprise-class functionality isn’t enough anymore. Your applications have to look good too.
The company did not reveal the acquisition price
Telepathy is a design firm that was founded in 2001 in San Diego and… Read More
When Oracle chairman Larry Ellison announced his company’s new autonomous database product at the Oracle OpenWorld conference keynote, he took several minutes to disparage AWS, one of his chief rivals in the cloud market. As market leader, Amazon stands firmly in Ellison’s crosshairs, but AWS took exception to his comments, and decided to issue a public rebuke. Read More
Truphone, a mobile company based out of London that made a name for itself through low-cost international mobile voice and data plans, is taking a very big step forward in a strategy to catapult itself into the future of communications: the company has picked up a massive £255 million ($339 million), funding that it will use to retire its debt and double down on providing data connectivity… Read More
AtScale, a four-year old startup that helps companies get a big-picture view of their big data inside their BI tools, announced a $25 million Series C investment today. The round was led by Atlantic Bridge with participation from new investors Wells Fargo and Industry Ventures along with returning investors Storm Ventures, UMC, Comcast and XSeed Capital. With today’s investment, the… Read More
We’ve seen a lot of hacking attacks so far this year, but the successful breach of SVR Tracking may take the prize as the most invasive attack of 2017.
If you’re not familiar with the company, SVR Tracking provides a vehicle tracking service. This is accomplished by mounting a small, unobtrusive device on your car in an area where an unauthorized driver is unlikely to notice or look.
Once the device is attached, it reports the vehicle’s location back to the app database in two-minute intervals when the vehicle is in motion, and in four-hour intervals when the vehicle is stationary. One-hundred and twenty days of vehicle location information is available to anyone with the proper login credentials.
On September 18, researchers from Kromtech Security Center discovered files in an unsecured Amazon S3 bucket containing login credentials for more than half a million SVR Tracking accounts. Note that the total number of vehicles this could impact is likely far higher than half a million, because the app is frequently used by companies that manage entire fleets of vehicles, so one account may have dozens (or more) vehicles associated with it.
The exposed files contained account names, passwords, vehicle maintenance reports, dealer contracts and more.
There are two primary ways that a hacker could profit from this information. First and most obvious is that if you know exactly where a vehicle is, and when it’s likely to be sitting idle for hours at a time, then it’s incredibly easy to steal it.
Second, and less obvious, is that knowing where a vehicle goes allows hackers to build a detailed profile about the person driving the car, which can be used to provide better email targeting for attacks down the road.
In any case, the offending files have now been removed and the server locked down, but there’s no way of knowing how many unauthorized people accessed those files while they were publicly visible. If you use the SVR Tracking app, just to be safe, you should change your password immediately.
2415 E Camelback Rd
Suite 700, PMB 7019
Phoenix, AZ 85016