Researchers demonstrated hacking of the web site of the manufacturer BMW

by sigismund » 2016-07-09 21:52:08


Vulnerabilities in the web services of the manufacturer BMW can allow an attacker to modify the settings of a car.


Researcher Benjamin Kunz Mejri of Vulnerability-Labs discovered two vulnerabilities in the web services of the company BMW, which can be used to change the settings of a car. The vulnerabilities are present on the web site and on the ConnectedDrive portal.

The first vulnerability allows an attacker to intrude into the current session of a user on the official BMW ConnectedDrive website. For identification, the service application uses a unique identifier (VIN - Vehicle Identification Number). An authorized user of the portal can replace their own VIN with the victim's number and insert themselves into the active session.

This portal is used to configure various information and entertainment apps, read email messages, manage driver profiles, manage smart home devices, control the temperature, lighting and alarm system of the car, and transmit information about the traffic situation in real time.

The second vulnerability is cross-site scripting, present on the website of the official BMW online service in the password recovery functionality.

According to the statement of Vulnerability-Labs, the vulnerability information was passed to BMW in February of this year. The manufacturer replied to the researcher only 2 months after the initial notification. Since the manufacturer did not publish any information on fixes, the researcher decided to publish the details of the vulnerabilities.
sigismund
moderators
Posts: 788
Deposit: 0 BTC

Rating: 5
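The missing server-side check behind the first vulnerability, shown as an added example that is not part of the original post and is not BMW's code: a handler that trusts the VIN sent by any logged-in user, next to one that verifies on every request that the VIN is linked to the session's account and records mismatches for detection. All names, VINs and data here are hypothetical and constructed; the post does not describe the portal's actual implementation.

```python
import re

# Constructed sample data: accounts and the VINs registered to them.
ALICE_VIN = "TEST" + "0" * 12 + "1"
BOB_VIN = "TEST" + "0" * 12 + "2"
VEHICLE_OWNERS = {ALICE_VIN: "alice", BOB_VIN: "bob"}
SETTINGS = {vin: {"climate_c": 20} for vin in VEHICLE_OWNERS}

# A VIN is 17 characters; the letters I, O and Q are not used.
VIN_RE = re.compile(r"[A-HJ-NPR-Z0-9]{17}")


class AccessDenied(Exception):
    pass


def update_settings_vulnerable(session, vin, changes):
    """Checks only that someone is logged in, then trusts the supplied VIN."""
    if not session.get("user"):
        raise AccessDenied("login required")
    SETTINGS[vin].update(changes)
    return SETTINGS[vin]


def update_settings_hardened(session, vin, changes, audit_log):
    """Verifies that the VIN belongs to the authenticated account."""
    user = session.get("user")
    if not user:
        raise AccessDenied("login required")
    if not VIN_RE.fullmatch(vin or ""):
        raise AccessDenied("malformed VIN")
    if VEHICLE_OWNERS.get(vin) != user:
        # Ownership mismatch: log it so monitoring can alert on repeats.
        audit_log.append({"event": "vin_mismatch", "user": user, "vin": vin})
        raise AccessDenied("vehicle not linked to this account")
    SETTINGS[vin].update(changes)
    return SETTINGS[vin]


def demo():
    """Runs both handlers with bob's session against alice's VIN."""
    session, log = {"user": "bob"}, []
    update_settings_vulnerable(session, ALICE_VIN, {"climate_c": 30})
    changed = SETTINGS[ALICE_VIN]["climate_c"]  # altered by another account
    SETTINGS[ALICE_VIN]["climate_c"] = 20       # reset the sample data
    try:
        update_settings_hardened(session, ALICE_VIN, {"climate_c": 30}, log)
        blocked = False
    except AccessDenied:
        blocked = True
    return changed, blocked, SETTINGS[ALICE_VIN]["climate_c"], log
```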