1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

BMW ConnectedDrive flaws could be misused to tamper with car settings

Discussion in 'Help Net Security' started by RSS, Jul 8, 2016.

  1. RSS

    RSS New Member Member

    Security researcher Benjamin Kunz Mejri has found two vulnerabilities in the BMW ConnectedDrive web portal/web application. About the vulnerabilities in BMW ConnectedDrive The first one is a client-side cross site scripting web vulnerability that could be exploited by a remote attacker without a privileged account to inject his own malicious script codes to the client-side of the affected module context. Minimal user interaction is needed for this attack to work. “Successful exploitation of the vulnerability … More →

    Continue reading...

Share This Page