Chinese security firm Keen Security Lab recently disclosed 14 vulnerabilities within the on-board computers of a number of BMW vehicles. The affected vehicles in questions range back to 2012 and include the i, X1, 5 and 7 series. As BMW are starting to resolve the issues, a technical report has been published by the security firm which describes their findings – although with certain technical information redacted.
Flaws in BMW vehicles revealed by Chinese security firm
In March 2018 security firm Keen Security Lab disclosed 14 different vulnerabilities to the BMW group found within a range of their vehicles, dating back to 2012. The affected series in question are i, X1, 5 and 7.
As BMW have acknowledged the vulnerabilities and started rolling out patches the researchers have now released a technical report describing their findings. To prevent any abuse, however, certain technical information is redacted. A full copy of the report is said to be released in 2019.
Physical access and remote vulnerabilites found
Eight of the flaws impact the infotainment system responsible for music and media, four the telematics control unit (TCU) which provides telephony service and two the central gateway module. The latter is designed to receive diagnostic messages from the two former and transfer them on.
Through physical access to either the USB, Ethernet or OBD-II ports eight vulnerabilities can be exploited. As the USB Ethernet Interface doesn’t have any security restrictions it could be used to detect exposed internal services. Similarly, malicious code can also be injected via USB stick into BMW’s ConnectedDrive.
Six of the vulnerabilities also allow for remote exploitation including both over Bluetooth or cellular networks. This can occur even when the vehicle is being driven.
“Third parties increasingly play a crucial role in improving automotive security as they conduct their own in-depth tests of products and services.” was said by BMW Group as a response to the success of Keen Security Labs research in conjunction with BMW’s cybersecurity team. Keen Security Lab have previously found vulnerabilities within other in-car modules, such as those used by Tesla, which could have been exploited for remote control.