Saw yesterday that there is a hack vulnerability in the BMW ConnectedDrive portal. Received an email this morning from BMW stating that "I will need to re-register with my BMW in September".
According to researchers from Vulnerability Labs, there are two main bugs both related to the BMW online service web app for ConnectedDrive, the connected car hub for new, internet-connected vehicles produced by the automaker.
The first flaw, found in the ConnectedDrive portal, is a VIN session vulnerability. The VIN, or vehicle identification number, is used to identify individual models connected to the service.
Anyone concerned?
The second bug is a cross-site scripting vulnerability the researchers discovered client-side on the BMW web domain in the password reset token system. The researchers call the problem a "classic" cross-site scripting vulnerability, as the security flaw does not need privileged user accounts to be exploited;