The security researchers from a Chinese firm Tencent have found more than a dozen vulnerabilities in the compute units of BMW cars. A few of these vulnerabilities can be exploited to endanger a vehicle. These faults have been discovered after a year long security audit of their cybersecurity research unit, Keen Security Lab. The same researchers are famous for their previous findings of the vulnerabilities in the in-car modules of Tesla.
In March 2018, the security team have revealed 14 different vulnerabilities directly to the BMW Group, which had affected their vehicles since the year 2012. The researchers have reported their technical findings in a 26-page report even though some of the major technical details have been omitted in order to prevent further abuse. However, the researchers have scheduled their full technical report to March 2019.
The Chinese infosec researchers team have emphasized on three critical vehicular components—Infotainment System (or Head Unit), Telematics Control Unit (TCU or T-Box), and Central Gateway Module in several BMW models.
The flaws that have been discovered are listed below
- There are 8 flaws that affect the internet-connected Infotainment System which plays music and media
- There are 4 flaws that affect the Telematics Control Unit (TCU) which provides telephony services, accident assistance services, and ability to lock/unlock the car doors remotely.
- There are 2 flaws that affect the Central Gateway Module that was designed to receive diagnostic messages from the TCU and the infotainment unit and then transfer them to other Electronic Control Units (ECUs) on different CAN buses.
By exploiting these vulnerabilities an attacker could transmit arbitrary diagnostic messages to the target vehicle’s engine control unit (which manages the electrical functions of the car) and to the CAN bus which is the spinal cord of the vehicle. This can lead to taking complete control of the operation of the affected vehicle.
Four of the vulnerabilities need a physical USB access or access to the ODB (On-board diagnostics) port. So the attackers need to be inside your vehicle to manipulate them by plugging a malware-laden gadget into the USB port. Another four vulnerabilities require physical or “indirect” physical access to the car. But six vulnerabilities can be utilized remotely to compromise vehicle functions, one of which can be conducted over a short range via Bluetooth or over long range via cellular networks, even when the vehicle is being driven.
The Chinese researchers have confirmed that the vulnerabilities that existed in Head Unit would affect several BMW models, including BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, BMW 7 Series. The vulnerabilities found in Telematics Control Unit (TCB) would affect the BMW models that are provided with this module produced from the year 2012.”
BMW has confirmed the findings and have started finding patches for the vulnerabilities. Some of the over-the-air updates to fix some faults in TCU have been initiated but some other flaws require patches through the dealers. They have also rewarded Keen Security Lab researchers with the first winner of the BMW Group Digitalization and IT Research Award, which describes their research as the most comprehensive and complex testing ever conducted on BMW Group vehicles by a third party.