BMW Connected Cars Riddled With Security Vulnerabilities

Chinese researchers from Tencent’s KeenLab discovered 14 exploitable security vulnerabilities in several BMW models, which have since been patched but highlight the security issues involving connected vehicles.
Between January 2017 and February 2018, Tencent’s Keen Security Lab experts conducted comprehensive tests with various BMW models, focusing on head unit and T-Box components of different generations.
Following the research, the team informed BMW about their findings on 14 different vulnerabilities — nine of the attack scenarios required a physical connection in the car or a location in the direct vicinity of the vehicle.
The Tencent team also found five attack scenarios that were based on a remote connection using a wireless network.
After gaining access to the head unit and T-Box components, lab engineers executed specifically developed exploits and in this way were able to gain control of the CAN buses to trigger arbitrary, unauthorized diagnostic vehicle functions remotely.
“Our research findings have proved that it is feasible to gain local and remote access to infotainment, T-Box components and UDS communication above certain speed of selected BMW vehicle modules and been able to gain control of the CAN buses with the execution of arbitrary, unauthorized diagnostic requests of BMW in-car systems remotely,” the research team wrote.
Vulnerabilities were spread across three main areas, including the Internet-connected infotainment systems providing satellite navigation and vehicle diagnostic information, the telematics control unit, which includes software allowing a vehicle’s location to be tracked, and the central gateway module, which controls data flow between various electrical components in the vehicles.
“BMW belongs to the top 5 percent in automotive IT security, which made it a highly challenging task for our sophisticated team,” Samuel Lv, director of Tencent Keen Security Lab, noted in a statement.
After internal verification of the findings, BMW’s security team contacted Keen to confirm the findings and began developing upgrades that were rolled out in the automaker’s back-end and uploaded to the telematics control units through an over-the-air connection.
A letter from BMW Group to Tencent, which was included in the security firm’s report, confirmed the company’s findings and admitted certain infotainment and T-Box units were indeed affected.
The first-ever BMW Group Digitalization and IT Research Award, announced earlier this week, was given by the automaker to the Keen Security Lab for their connectivity and cybersecurity research, noting the two companies plan to expand their cooperation and joint research work.
BMW went on to thank Tencent for their responsible disclosure procedure and noted the Keen Security Lab findings have contributed to security enhancements in BMW’s products and services.
Tencent advocates for advancement of security features of intelligent connected cars by publishing substantial research and supporting automakers in technological and technical development matters.
“We want to contribute our comprehensive expertise and in-depth understanding of vehicle technologies to improving the development processes and security guidelines in the automotive industry, providing a shared benefit for OEMs and customers,” Sen Nie, lead researcher of vehicle and IoT security research at Tencent, wrote in a statement.