Vulnerability: Code-Signing Bypass and Root Shell Access in BMW Infotainment System

Vulnerability: Code-Signing Bypass and Root Shell Access in BMW Infotainment System

CVE-2018-9322 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.

Learn more about our Web Application Penetration Testing UK.