The researcher discovered the database July 4, 2019 and then began trying to contact Honda, which was accomplished early on July 6, 2019. By that evening the database had been secured, according to a July 31 blog post.
While searching Shodan, xxdesmus discovered the Elasticsearch database exposed without any authentication and containing information related to the internal network and computers of Honda Motor Company.
The exposed data included information such as machine hostnames, MAC addresses, internal IP, operating system versions, which patches had been applied, and the status of Honda’s endpoint security software. The database appeared to have been publicly accessible since July 1, 2019 based on the Shodan scan of the IP.
The data is potentially sensitive because, in the wrong hands, it shows attackers exactly where the soft spots are, xxdesmus said in the post.
“I am specifically not going to name the major endpoint security vendor that protects Honda’s machines, but the data makes it clear which vendor they use and which machines have the endpoint security software enabled and up to date,” he said, adding, “The data seems to show you which machines do not have endpoint security enabled, which machines are running older operating systems, and if you have a particular vulnerability you could quickly search for machines that have not been patched yet using this data.”
“The reported exposure at Honda highlights the need to continually monitor for vulnerabilities across all applications and infrastructure, and to prioritize remediation based on the value of the associated business asset,” ZeroNorth Chief Executive Officer Ernesto DiGiambattista said.