Security Alerts & News
by Tymoteusz A. Góral

#1125 BMW Core Web Portal & ConnectedDrive - exploitation of car configurations
Today we will talk about two vulnerabilities that were discovered by Vulnerability Laboratory core team member Benjamin Kunz Mejri and that are not patched yet. Both bugs relate to the BMW online service and the ConnectedDrive web app.

The first vulnerability was found in the BMW ConnectedDrive web application. It allows remote attackers to manipulate specific configured parameters to compromise the affected web-application service. A vehicle identification number, commonly abbreviated to VIN, or chassis number, is a unique code including a serial number, used by the automotive industry to identify individual motor vehicles, towed vehicles, motorcycles, scooters and mopeds as defined in ISO 3833.

The vulnerability is located in the session management of the procedure for adding a VIN. Remote attackers can bypass the validation of the VIN when it is created. By tampering with a live session, a remote attacker can change the action information to create or update. This lets the attacker bypass the invalid-VIN exception and add a new configuration. The result is the takeover of other vehicle identification numbers, whose configuration can then be viewed or manipulated. The session validation flaw can be exploited with a low-privilege user account, leading to manipulation of VINs and configuration settings, including the compromise of registered and valid VINs through the ConnectedDrive portal. The settings available through the ConnectedDrive portal include the ability to lock/unlock the vehicle, manage song playlists, access email accounts, manage routes, get real-time traffic information, and so on.

After successfully integrating the VIN into the portal, the attacker can log in with the ConnectedDrive iOS application. The attacker adds the illegitimate VIN to his account via the portal and can then access the configuration via the mobile application or the portal. In this way an attacker can gain unauthorized access to the infotainment system of BMW cars and interact with it without hardware manipulation or cable access.
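A small model of this class of flaw and its server-side fix, added here as an illustration and not taken from the advisory or from BMW's code. The handler names, the ownership table and the VINs are constructed assumptions: the flawed handler validates only when the client-supplied action is "create", while the hardened one validates format and verified ownership on every write.

```python
import re

# 17 characters, letters I, O and Q excluded (standard VIN alphabet).
VIN_RE = re.compile(r"^[A-HJ-NPR-Z0-9]{17}$")

# Constructed sample VINs and a hypothetical table of ownership
# that was verified out of band (VIN -> account).
VIN_ALICE = "WBA" + "0" * 13 + "1"
VIN_BOB = "WBA" + "0" * 13 + "2"
OWNERSHIP = {VIN_ALICE: "alice", VIN_BOB: "bob"}


class Rejected(Exception):
    """Raised when a VIN may not be attached to the requesting account."""


def check_vin(account, vin):
    if not VIN_RE.fullmatch(vin):
        raise Rejected("invalid VIN")
    if OWNERSHIP.get(vin) != account:
        raise Rejected("VIN not verified for this account")


def add_vin_flawed(garage, account, action, vin):
    # Flaw: the check depends on a value the client controls.
    if action == "create":
        check_vin(account, vin)
    garage.setdefault(account, set()).add(vin)


def add_vin_hardened(garage, account, action, vin):
    if action not in ("create", "update"):
        raise Rejected("unknown action")
    check_vin(account, vin)  # enforced on every write path
    garage.setdefault(account, set()).add(vin)


def demo():
    """Send the same request (action=update, someone else's VIN) to both."""
    results = {}
    for name, handler in (("flawed", add_vin_flawed),
                          ("hardened", add_vin_hardened)):
        garage = {}
        try:
            handler(garage, "alice", "update", VIN_BOB)
            results[name] = "accepted"
        except Rejected as exc:
            results[name] = "rejected: " + str(exc)
    return results
```
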