A research team from the Tencent firm discovered several security vulnerabilities in BMW models.
Tencent Keen Security Lab’s information security experts found 14 vulnerabilities that affect several BMW models, including models; BMW i, BMW X, BMW 3 Series, BMW 5 Series and BMW 7 Series.
The investigation was conducted for one year between January 2017 and February 2018. The researchers reported the problems to BMW, once the company began implementing security patches; the researchers published the technical details.
“We perform a thorough analysis of the hardware and software in Head Unit, Telematics Control Unit and Central Gateway Module of multiple BMW vehicles, “reads the Tencent Keen Security Lab report.
“By focusing on various external attack surfaces of these units, it was found that a remote-targeted attack on multiple BMW vehicles connected to the Internet in a wide range of areas is feasible, through a set of remote attack surfaces, including; GSM Communication, BMW Remote Service, BMW ConnectedDrive Service, UDS Remote Diagnosis, NGTP protocol and Bluetooth protocol “.
The vulnerabilities affect the cars produced since 2012. The information security professionals focused the tests on the infotainment and telematics systems of the vehicles.
According to the study, eight vulnerabilities affect the infotainment system, four problems affect the telematic control unit (TCU) and two affect the central gateway module.
The professionals explain that the TCU provides telephony services, accident assistance and implements remote controls of doors and climate. The central gateway receives diagnostic messages from the TCU and the main unit, and then sends them to other electronic control units (ECUs) on different CAN buses.
In the study, it was found that an attacker can exploit the flaws, to execute arbitrary code and take control of the affected component.
Information security researchers showed that a local attacker can hack BMW vehicles with only a USB stick; in another attack the researchers demonstrated a remote hack through a software-defined radio.
These remote attacks can be carried out through Bluetooth or through mobile phone networks. The remote hacking of a BMW car is very complex to carry out because the attacker would have to first hack a local GSM mobile network.
“Research has shown that it is feasible to obtain local and remote access to information and entertainment, T-Box components and UDS communication above a certain speed of selected modules of BMW vehicles and obtain control of CAN buses with execution of arbitrary unauthorized diagnostic requests of BMW systems in the car remotely “, said the professionals information security professionals.
BMW already issued security updates for the back-end systems, and also implemented over-the-air patches for the TCU.