Multiple Internet-Connected BMW vehicles vulnerable to getting hacked

In total, researchers have identified 14 vulnerabilities in Multiple Internet-Connected BMW vehicles putting them at risk of being hacked.

Old times were trouble-free when we could live without the fear of our home appliances being monitored without our permission and our cars being hacked remotely. Today, almost every car has a computer or silicon chip installed, which makes our vehicles vulnerable to exploitation by cybercriminals.

The more connected to the internet a vehicle is, the higher its chances of getting exploited. In this regard, mainstream firms are leading the tech industry with innovative solutions to make their cars tech-savvy such as BMW. So it is not surprising that security researchers have identified vulnerabilities in these modern cars too.

According to the analysis of researchers at Chinese firm Tencent’s cybersecurity unit Keen Security Lab, modern BMW cars contain 14 security vulnerabilities and all of them aren’t fixed yet. It is although heartening to know that the security issues are not that serious and have very little chance of exploitation but it is indeed alarming that BMW cars have security loopholes.

Another important aspect is that the QNX computing system is used by BMW for its cars, which is commonly used by various automotive firms. This means many other cars would be having security flaws.

Related: Watch thieves steal keyless Mercedes within 23 seconds

As per the analysis from [PDF] Tencent Keen Security researchers, some of the flaws in BMW cars are remotely exploitable. The 14 vulnerabilities impact the central gateway module, infotainment system and TCU of the vehicles. Some flaws can be exploited to launch arbitrary code and gain full control of the affected component.

Multiple Internet-Connected BMW vehicles vulnerable to getting hacked

Researchers obtained entry to BMW cars’ security system via its infotainment and telematics systems and state that through combining the 14 security flaws, they could acquire access to the inner CAN bus of the car. The CAN bus is responsible for creating interconnectedness between all the functions and components of a vehicle. Using local access (USB) and through remote hacking, researchers were able to hack BMW cars.

In their report, researchers noted: “Our research findings have proved that it is feasible to gain local and remote access to infotainment, T-Box components and UDS communication above a certain speed of selected BMW vehicle modules and been able to gain control of the CAN bus with the execution of arbitrary, unauthorized diagnostic requests of BMW in-car systems remotely.”

BMW is currently developing firmware updates for its high-profile car models including BMW X Series, BMW I Series and BMW 3, 5 and 7 Series. The company has already shipped configuration updates through its over-the-air component updating system. But, firmware updates will have to be installed at the authorized BMW dealer outlets.

BMW has appreciated the efforts of Tencent researchers and stated that it is the “most comprehensive and complex testing ever conducted on BMW Group vehicles by a third party.” BMW has also announced that Keen Security Lab would be the first winner of the BMW Group Digitalization and IT Research Award.

Image credit: Depositphotos

See: Man implants a microchip in his hands to open doors & unlock the car with ease

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.