[jjrandorin]

Saw yesterday that there is a hack vulnerability in BMW connected drive portal. Received an email this morning from BMW stating that "I will need to re register with my bmw in september".

According to researchers from Vulnerability Labs, there are two main bugs both related to the BMW online service web app for ConnectedDrive, the connected car hub for new, internet-connected vehicles produced by the automaker.

The first flaw, found in the ConnectedDrive portal, is a VIN session vulnerability. The VIN, or vehicle identification number, is used to identify individual models connected to the service.

The second bug is a cross-site scripting vulnerability the researchers discovered client-side on the BMW web domain in the password reset token system. The researchers call the problem a "classic" cross-site scripting vulnerability, as the security flaw does not need privileged user accounts to be exploited;

Anyone concerned?

http://www.zdnet.com/article/hacker...egistration-through-bmw-connected-car-portal/

 

[Weaselboy]

I have an account on there and received no such email notification. The article does sound like there is legitimate reason to be concerned.