Chinese Hackers Find Over a Dozen Vulnerabilities in BMW Cars

14:00 23/05/2018
The security flaws have been discovered during a year-long security audit conducted by researchers from Keen Security Lab, a cybersecurity research unit of Chinese firm Tencent, between January 2017 and February 2018.In March 2018, the team responsibly disclosed 14 different vulnerabilities directly to the BMW Group, which affects its vehicles since at least 2012.These are the same group of researchers who have previously found multiple vulnerabilities in various in-car modules used by Tesla, that could have been exploited to achieve remote controls on a target car.
The researchers said a full copy of their research is expected to appear sometime in early 2019, by which the BMW group entirely mitigates against the vulnerabilities.The team of Chinese infosec researchers focused on three critical vehicular components—Infotainment System (or Head Unit), Telematics Control Unit (TCU or T-Box), and Central Gateway Module in several BMW models.
 This would eventually allow miscreants to take complete control over the operation of the affected vehicle to some extent.
Another four vulnerabilities require physical or "indirect" physical access to the car.
The team confirmed that the vulnerabilities existed in Head Unit would affect several BMW models, including BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, BMW 7 Series.However, researchers said the vulnerabilities uncovered in Telematics Control Unit (TCB) would affect "BMW models which equipped with this module produced from the year 2012."BMW has confirmed the findings and already started rolling out over-the-air updates to fix some bugs in the TCU, but other flaws will need patches through the dealers, which is why the researchers have scheduled their full technical report to March 2019.BMW also rewarded Keen Security Lab researchers with the first winner of the BMW Group Digitalization and IT Research Award, describing their research "by far the most comprehensive and complex testing ever conducted on BMW Group vehicles by a third party."
🌟 ASCIS là cuộc thi CTF thường niên lớn nhất dành cho sinh viên các nước ASEAN do Hiệp hội An toàn thông tin Việt Nam (VNISA) chủ trì phối hợp với một số đơn vị tổ chức, dưới sự bảo trợ của Bộ Giáo dục và Đào tạo, Bộ...
🚩 Cuộc thi An toàn Thông tin ISITDTU CTF 2022 do trường Đại học Duy Tân, Đà Nẵng tổ chức đã chính thức khép lại vào ngày 18/12. Hai đội purf3ct (đại diện cho CNSC @UIT) và Sp33d_0f_T1m3 (đại diện do UIT) đã có màn thi đấu ấn tượng với...
Câu nói được sử dụng làm tiêu đề trích từ câu nói của nhà Sinh lý học và Y học Horace Freeland Judson - người đoạt giải Nobel năm 1962 cho thấy tầm quan trọng của thông tin do DNA cung cấp không chỉ ở lĩnh vực y học mà...