Two vulnerabilities were identified in Bosch s Drivelog Connect OBD-II dongle and smartphone app that allowed researchers to shut off the engine of a vehicle. One of the issues was patched via server-side fix, Bosch said in an April 13 statement, while the other will be handled in a future firmware update. Researchers at Argus Cyber Security said the complexity in exploiting the vulnerabilities and forehand knowledge of automobile architecture somewhat mitigates the risk involved. In the wild, a large number of vehicles could be affected.
Source: https://threatpost.com/patched-flaw-in-bosch-diagnostic-dongle-allowed-researchers-to-shut-off-engine/125061/