Renault: Car Manufacturers Security Posture Research
This blog post is part of a series on Char49 research about car manufacturers’ security posture. You can read the whole series or watch our DEF CON 32 AppSec Village presentation on YouTube.
This is not the first time we have written about subdomain takeover, and it probably won't be the last. Every time we find one we ask ourselves: "How big is this (asset management) problem?". This time we decided to answer our own question, but we got caught in a rabbit hole where we met...
During our research on Segway's domain space, we found a subdomain whose DNS record pointed to a third-party domain that was "pending deletion" by its owner: it still belonged to someone else, but was about to drop back into the pool of registrable names. Using a domain monitoring and backorder service, we registered the third-party domain the moment it became available, and with it gained control over what Segway's subdomain resolved to.
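The important detail in the case above is that the third-party domain was still resolving when we found it; a check that only looks for NXDOMAIN answers would have missed it. The following script is an added example, not Char49's tooling or anything Segway runs: it walks each subdomain's CNAME chain and flags every third-party registrable domain in that chain whose registry status (unregistered, pendingDelete, redemptionPeriod) means a stranger can register it. All hostnames, DNS answers and registry statuses are constructed for the demonstration, and the "registrable domain" helper is a deliberate simplification (a real tool should consult the Public Suffix List).

```python
"""Flag subdomains whose CNAME chain depends on a third-party domain that is
unregistered or in a registry state from which it will soon become registrable.

Added example, not Char49's or Segway's code. All names, DNS data and
registry statuses below are constructed for the demonstration.
"""
from dataclasses import dataclass, field

# Constructed zone data standing in for resolver answers: name -> (type, value).
CONSTRUCTED_DNS = {
    "shop.example-car.test": ("CNAME", "store.vendor-one.test"),
    "store.vendor-one.test": ("CNAME", "edge.cdn-provider.test"),
    "edge.cdn-provider.test": ("A", "192.0.2.10"),
    "promo.example-car.test": ("CNAME", "campaign.old-agency.test"),
    "campaign.old-agency.test": ("A", "192.0.2.20"),  # still resolves today
    "assets.example-car.test": ("CNAME", "files.gone-host.test"),
    "www.example-car.test": ("A", "192.0.2.1"),
    "blog.example-car.test": ("CNAME", "blog.loop-a.test"),
    "blog.loop-a.test": ("CNAME", "blog.example-car.test"),
}

# Constructed WHOIS/RDAP-style status per registrable domain.
# Domains absent from this table are treated as unregistered.
CONSTRUCTED_REGISTRY = {
    "example-car.test": "ok",
    "vendor-one.test": "ok",
    "cdn-provider.test": "ok",
    "old-agency.test": "pendingDelete",
    "loop-a.test": "ok",
}

# Registry states from which anyone can (soon) register the name.
GRABBABLE = {"unregistered", "pendingDelete", "redemptionPeriod"}
MAX_HOPS = 8


@dataclass
class Finding:
    name: str
    chain: list = field(default_factory=list)  # CNAME targets, in order
    resolves: bool = False                     # chain ends in an A/AAAA record
    loop: bool = False                         # CNAME loop (misconfiguration)
    risky: dict = field(default_factory=dict)  # registrable domain -> status

    @property
    def takeover_candidate(self) -> bool:
        return bool(self.risky)


def registrable_domain(name: str) -> str:
    """Last two labels of the name. Simplification: a real tool must use the
    Public Suffix List so that e.g. co.uk is not treated as a registrable domain."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def assess(name, dns=CONSTRUCTED_DNS, registry=CONSTRUCTED_REGISTRY) -> Finding:
    """Follow the CNAME chain for `name` and record every third-party
    registrable domain it passes through that is in a grabbable state."""
    finding = Finding(name=name)
    owner = registrable_domain(name)
    seen = {name}
    current = name
    for _ in range(MAX_HOPS):
        record = dns.get(current)
        if record is None:
            break  # dangling: nothing answers for this label
        rtype, value = record
        if rtype != "CNAME":
            finding.resolves = True
            break
        finding.chain.append(value)
        if value in seen:
            finding.loop = True
            break
        seen.add(value)
        current = value
    # Every third-party domain in the chain is a dependency: check its registry
    # status even when the name still resolves today, as in the case described.
    for target in finding.chain:
        domain = registrable_domain(target)
        if domain == owner:
            continue
        status = registry.get(domain, "unregistered")
        if status in GRABBABLE:
            finding.risky[domain] = status
    return finding


def scan(names, dns=CONSTRUCTED_DNS, registry=CONSTRUCTED_REGISTRY):
    return [assess(n, dns, registry) for n in names]


if __name__ == "__main__":
    own_names = sorted(n for n in CONSTRUCTED_DNS if n.endswith(".example-car.test"))
    for f in scan(own_names):
        flag = "TAKEOVER CANDIDATE" if f.takeover_candidate else "ok"
        print(f"{f.name:28} resolves={f.resolves!s:5} loop={f.loop!s:5} {flag} {f.risky}")
```

In this constructed data `promo.example-car.test` is the interesting case: it resolves to an address today, yet its chain runs through a domain in `pendingDelete`, which is exactly the condition a backorder service exploits. Feeding the script real data means replacing the two constructed tables with answers from an authoritative resolver and from RDAP or WHOIS lookups for each registrable domain in the chain.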
Following responsible disclosure practice, we provided Segway with a detailed security advisory. This article is published only after Segway (silently) fixed the issue.