Leaky app gives researcher 'total, global control' over the Toyota supplier network

A security researcher said he discovered a back door in the code of a public facing Toyota web application that gave him access to information on more than 14,000 corporate user accounts and detailed information on Toyota’s suppliers — and even the parts that make up Toyota vehicles. 

Researcher Eaton Zveare described in a post on Wednesday the discovery of a serious flaw in Toyota’s Global Supplier Preparation Information Management System (or “GSPIMS”), a web application that Toyota uses to …

access accounts app application back code control corporate discovery door eaton eaton zveare flaw global information network preparation public researcher security security researcher serious supplier suppliers toyota vehicles web web application