BMW Traps Phishers with Dangerous Redirections

Cybernews Specialists Discover Vulnerability in BMW Subdomains

Specialists at Cybernews found that a vulnerability in BMW’s subdomains allowed cybercriminals to craft seemingly legitimate links that led to malicious sites. The vulnerability, referred to as SAP Redirect, affected the redirect functionality of SAP NetWeaver Application Server J2EE.

The SAP Redirect vulnerability let cybercriminals forge a redirect link by appending the path “SAP/Public/BC/ICF/Logoff” to a vulnerable subdomain, so that the final URL took the form “https://.bmw[.]Com/SAP/Public/BC/ICF/Logoff”.

This vulnerability was used to reach two vulnerable subsystems within BMW’s internal systems. Although not critical, it posed risks such as targeted phishing and malware distribution: by manipulating URL parameters in the affected SAP system, attackers could redirect users to malicious sites or tamper with legitimate ones.

Exploiting this vulnerability, attackers could carry out various fraudulent activities, such as sending emails in the name of BMW’s leadership asking employees or customers to take some action. By tricking users into opening these links and entering their account credentials, attackers could gain access to systems for extortion or other malicious purposes. The vulnerability could also be leveraged for mass phishing campaigns aimed at customers.

Such attacks take advantage of unsuspecting users by redirecting them to the attacker’s website through links that appear legitimate. Once there, malicious JavaScript could be executed in the victim’s browser, or the user could be prompted to enter confidential information.

Upon discovering the vulnerability, Cybernews researchers reported it to BMW, and the company promptly remedied the issue. BMW stated that the vulnerability did not pose a threat to the systems of the BMW Group and that no data leaks or unlawful data usage occurred. The company emphasized that information security is a top priority and pointed to the multi-level security controls in place for access to internal systems.

To prevent vulnerabilities like SAP Redirect, Cybernews recommends applying SAP patches, following secure coding practices, and regularly conducting security assessments to identify and eliminate vulnerabilities. Users are also advised to exercise caution when clicking on links, even if the domain appears legitimate.
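The defensive core of the fix described above is refusing to redirect anywhere except the application itself or an explicit allowlist of hosts. The following added example (written for this article, not code from BMW, SAP or Cybernews) shows such a validator together with a small detector that flags logoff requests carrying an off-site redirect target in an access log. The allowlisted hosts, the log format and the query-parameter name `redirectURL` are assumptions for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Hosts a logoff redirect may legitimately point to (constructed allowlist).
ALLOWED_HOSTS = {"www.example-corp.com", "portal.example-corp.com"}
LOGOFF_PATH = "/sap/public/bc/icf/logoff"
REDIRECT_PARAM = "redirecturl"  # assumed query-parameter name, not taken from the article

def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for an absolute path on this site or an https URL on an allowlisted host."""
    target = target.strip()
    if not target:
        return False
    # Browsers treat backslashes as slashes, so "/\attacker" is really "//attacker".
    target = target.replace("\\", "/")
    # Scheme-relative URLs ("//host") leave the current origin.
    if target.startswith("//"):
        return False
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        return target.startswith("/")        # local absolute path only
    if parts.scheme.lower() != "https":
        return False                         # rejects http:, javascript:, data:, ...
    # .hostname drops "user@" prefixes and ports, so "https://good@attacker.example" is judged by attacker.example
    return parts.hostname in allowed_hosts

def find_suspicious_logoff_requests(log_lines):
    """Return (client, target) pairs for logoff requests whose redirect target fails the check."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        client, _method, url = fields[:3]
        parts = urlsplit(url)
        if parts.path.lower() != LOGOFF_PATH:
            continue
        params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
        for target in params.get(REDIRECT_PARAM, []):
            if not is_safe_redirect(target):
                hits.append((client, target))
    return hits

# Constructed, simplified access-log lines: "<client> <method> <request-uri>".
SAMPLE_LOG = [
    "203.0.113.7 GET /sap/public/bc/icf/logoff?redirectURL=https%3A%2F%2Fportal.example-corp.com%2Fhome",
    "203.0.113.9 GET /sap/public/bc/icf/logoff?redirectURL=https%3A%2F%2Fportal.example-corp.com%40attacker.example%2Flogin",
    "198.51.100.4 GET /SAP/Public/BC/ICF/Logoff?redirectURL=%2F%2Fattacker.example",
    "198.51.100.5 GET /sap/bc/gui/sap/its/webgui",
]
```

Running `find_suspicious_logoff_requests(SAMPLE_LOG)` flags the second and third lines: a credential-style `user@host` URL whose real host is off-site, and a scheme-relative `//host` target.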
