New Delhi: The source code of the Mercedes-Benz onboard logic unit (OLU) has leaked online, according to a report by ZDNet. The leak came to light when a software engineer named Till Kottmann found a Git web portal owned by Daimler AG. The report claimed that Kottmann “was able to register an account on Daimler’s code-hosting portal” without using a Daimler corporate email ID.
After registering, the software engineer reportedly “downloaded more than 580 Git repositories containing the source code of onboard logic units (OLUs) installed in Mercedes-Benz Vans.”
So, what does this OLU do? As per the official website of Mercedes-Benz Vans, “the OLU enables effective interaction between hardware and software. Among other things, it connects vehicles to the cloud, thereby enabling a high degree of flexibility and the establishment of links between different functions.”
The OLU is also said to help in managing live vehicle data – “even for users without any vehicle-specific or technical expertise.” Daimler also states that third parties can use the OLU to easily develop apps and implement them in vehicles.
Explaining how he got hold of Daimler’s GitLab server, Kottmann told ZDNet, “I often just hunt for interesting GitLab instances, mostly with just simple Google dorks, when I’m bored, and I keep being amazed by how little thought seems to go into the security settings.”
He claims that he simply got lucky and said that “Daimler failed to implement a whitelist for the registration process.”
“This was honestly just a very lucky find while I was going through some brand names I hadn’t checked before in hopes of finding like some small contractors or something,” he told ZDNet.