14 vulnerabilities are discovered from BMW vehicles, those "highly dangerous" that can be operated remotely without touching the vehicle are also

BMWIt shows that there are as many as 14 vulnerabilities in the in-vehicle unit of the car,TencentResearchers at Keen Security Lab, a cyber security research department, discovered it. For six of the vulnerabilities found, it is possible to remotely operate the car without touching the vehicle, and it is reported that it is a highly dangerous vulnerability

Experimental Security Assessment of BMW Cars: A Summary Report
(PDF file)https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf

Chinese Hackers Find Over a Dozen Vulnerabilities in BMW Cars

According to Kenn Security Lab, these vulnerabilities exist in the five models BMW i series, BMW X series, BMW 3 series, BMW 5 series, BMW 7 series. The 14 vulnerability lists are shown below and these vulnerabilities also play music and media and Internet connectionInfotainmentUsed for system, tracking vehicle position, etc.TelematicsThe control unit (TCU), the central gateway module that controls the exchange of data between various devices in the car, has been confirmed in three places.

Eight of the reported vulnerabilities require some physical access, such as using a USB port, and it is said that it will not be affected unless it is intentionally crafted by a malicious person I will. However, the remaining six cases can be exploited via a cellular network used for communication such as Bluetooth or mobile phones, and it is assumed that there is a possibility that a malicious person may be compromised by even a car while driving I will.

The vulnerability discovered this time has been reported to BMW, and the company is already working on fixing the vulnerability. Regarding the vulnerability related to TCU, the update has already been started, but other vulnerabilities require dealer response, so it will take time to take measures.

Keen Security Lab is planning to release a detailed report on the vulnerability in March, 2019 when BMW's response is completed.

in Software,   Hardware,   Ride,   Security, Posted by darkhorse_log