Chinese Hackers Find Over a Dozen Vulnerabilities in BMW Cars

Vulnerabilities in BMW Cars: Chinese Security Researchers have discovered dozens of vulnerabilities in the onboard computer units of BMW cars, and some of which can be used to exploit the vehicle remotely.

The flaws were discovered during a year-long from security audit which is basically conducted y the researchers from Keen Security Lab, A cyber security research unit of Chinese firm Tencent, between January 2017 and February 2018.

In March 2018, the team has officially disclosed the 14 different vulnerabilities directly to the BMW Group, which affects the vehicles since at least 2012.

These are the same researchers who have previously found out multiple vulnerabilities in various in-car modules used by Tesla, which could have been exploited to achieve remote controls on a target car.

BWM officially started patching the vulnerabilities to car owners, the researchers have released the 26 pages technical report [PDF] describing their findings, though they avoided to publish some confidential details to prevent abuse.

The researchers also stated that they will be sharing their full research which will be coming very soon in early 2019, by which till that BMW group will entirely mitigate their vulnerabilities.

The Chinese infosec researchers focused on three critical vehicular components—Infotainment System (Head Unit), Telematics Control Unit (TCU or T-Box), and Central Gateway Module in several BMW models.

Here is the list of flaws uncovered by the researchers:

• 8 flaws impact the internet-connected Infotainment System that plays music and media
• 4 flaws affect the Telematics Control Unit (TCU) that provides telephony services, accident assistance services, and ability to lock/unlock the car doors remotely.
• 2 flaws affect the Central Gateway Module that has been designed to receive diagnostic messages from the TCU and the infotainment unit and then transfer them to other Electronic Control Units (ECUs) on different CAN buses.

Exploiting these vulnerabilities could allow any attacker to send the arbitrary diagnostic messages to the target vehicle’s engine control unit (ECU), which could control electrical functions of the car, and to the CAN bus, which is the spinal cord of the vehicle.

This vulnerability could allow anyone to take the complete control over the operation of the affected vehicle to some extent.

These four flaws requires a physical USB access to access to ODB (On-board Diagnostics) port, which actually means that the attacker need to be inside your vehicle where they will exploit them by plugging a malware-laden gadget into the USB port.

Another four vulnerabilities which also require a physical or “indirect” physical access to the car.

However, Six vulnerabilities which can be exploited remotely to compromise the vehicle functions, including one conducted short range via Bluetooth or over long range via cellular networks, even the vehicle being driven.

The researchers group has confirmed that these vulnerabilities exists in Head Unit which would affect several BMW models, including BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, BMW 7 Series.

BMW has confirmed that they have started fixing the bugs which is why the researchers have scheduled their technical report to March 2019.

BMW also rewarded Keen Security Lab researchers with the first winner BMW Group Digitalization and IT Research Award, where they described that by so far this is the most comprehensive and complex testing ever conducted on BMW by a third party.