![]() When OS 9 is released next year, BMW intends to take a more open-source approach. This platform will be the company's first step toward an entirely Android-based infotainment system, a significant departure from the company's long-standing reliance on Linux, which has served as the foundation of its iDrive experience. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files.According to Digital Trends, BMW plans to bring Android Automotive to its future vehicles starting in 2024 with the OS 9 update. IDrive RemotePC before 7.6.48 on Windows allows information disclosure. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges. IDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port. IDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 59. IDrive RemotePC before 7.6.48 on Windows allows authentication bypass. The encryption is done using a hard-coded static key and is therefore reversible by an attacker. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |