Tencent Keen Security Lab Uncover Vulnerabilities in BMW Connected Car, Receives Award

Tencent Keen Security Lab Uncover Vulnerabilities in BMW Connected Car, Receives Award

Many connected vehicles on the road today suffer from vulnerabilities that have not been discovered by hackers and cybersecurity specialists. German automaker BMW is currently in the process of addressing such challenges through third-party testing and research.

In a collaborative project with Chinese researchers from Tencent Keen Security Lab, the car manufacturer was able to expose several harmful exploits plaguing its line of luxury vehicles. A total of 14 hacks were discovered by the researchers. The vulnerabilities targeted infotainment systems, wireless communication components and telematics controls.

Vulnerabilities and Exploits

During the project, the researchers used different attack vectors to achieve their goals. Interestingly, only four methods required criminals to have physical access to the USB ports of the vehicle. Another four vulnerabilities exploited the car’s computer, which also required physical access by hackers.

Surprisingly, six methods focused on remote access to the unit’s internal systems. Such hacking techniques can lead to the exploitation of secure and isolated system components.

“Our research findings have proved that it is feasible to gain local and remote access to infotainment, T-Box components, and UDS communication above certain speed [for] selected BMW vehicle modules and been able to gain control of the CAN buses with the execution of arbitrary, unauthorized diagnostic requests of BMW in-car systems remotely,” said researchers from Tencent’s Keen Security Lab.

Taking the attacks one step further, criminals could combine various vulnerabilities to create an efficient hacking strategy. Hence, it is crucial for all the findings to be patched in a timely manner.

According to BMW, third-party testing of in-car platforms is a common and crucial practice within the company. The security exercises conducted by the researchers were completed with the automaker’s cybersecurity team. Timeline for testing was from January 2017 to February 2018.

Future Updates Needed

BMW is in the process of addressing the vulnerabilities uncovered by the research group. Discussions about the exploits are currently limited, as full details of the hacks won’t be published until security updates have been rolled out. So far, only a summary has been released by the research group. The full report will be published in 2019.

“Subsequently, these upgrades were rolled out in the BMW Group backend and uploaded to the telematics control units via over the air connection. The BMW Group develops additional software updates, which as usual will be made available for customers at BMW dealerships,” said the German automaker.

It is important to note that not all BMW models are affected by the vulnerabilities. BMW vehicles affected by exploits surrounding the infotainment system includes the following: BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series and BMW 7 Series. Furthermore, BMW models manufactured from 2012 to present day are affected by vulnerabilities in the Telematics Control Unit (TCB).

Moving forward, the automaker is considering a partnership with Tencent Keen Security Lab for research and development projects related to car security and testing of autonomous vehicles. In the future, BMW plans to conduct cybersecurity tests on Google Android embedded vehicle systems and OTA update protocols.