Tencent Researchers Discover Security Flaws in BMW Cars – Vehicles Will Be Patched at Dealerships
Chinese security researchers have discovered several security vulnerabilities in BMW cars, including some remotely exploitable vulnerabilities. Keen Security Lab, the cybersecurity unit of Tencent, reported 14 vulnerabilities that impact the infotainment system, the TCU, and the central gateway module.
While the published paper (24 pages!) lacks some technical details that would be shared next year after these bugs have been fixed, researchers noted that some of the flaws can be exploited to execute arbitrary code and take complete control of the affected component. Researchers said that they gained entry using the vehicle's infotainment and telematics systems. By combining these 14 security holes, they were able to escalate their access to the car's inner CAN bus that interconnects all the car components and functions.
Tencent researchers hacked the BMW cars using both the local access (USB) or via remote hacks. "Our research findings have proved that it is feasible to gain local and remote access to infotainment, T-Box components and UDS communication above certain speed of selected BMW vehicle modules and been able to gain control of the CAN buses with the execution of arbitrary, unauthorized diagnostic requests of BMW in-car systems remotely," researchers wrote.
BMW is currently working on firmware updates for some of its high-profile car models, including BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and 7 Series. According to reports, BMW has already shipped some "configuration updates" via its over-the-air component update system. However, offline firmware patches will be delivered to all the affected vehicles the next time those vehicles are brought to authorized dealerships.
BMW also appears to be quite appreciative of this bug discovery process, calling Tencent's efforts as "the most comprehensive and complex testing ever conducted on BMW Group vehicles by a third party." The automaker has named Keen Security Lab the first winner of the BMW Group Digitalization and IT Research Award along with announcing a possible long-term relationship for in-depth research and development activities.
- A joint technical report explaining the vulnerabilities will be published in early 2019.