In total, researchers have identified 14 vulnerabilities in multiple internet-connected BMW vehicles, putting them at risk of being hacked.
Times were simpler when we could live without the fear of our home appliances being monitored without our permission or our cars being hacked remotely. Today, almost every car has a computer or silicon chip installed, which makes our vehicles vulnerable to exploitation by cybercriminals.
The more connected to the internet a vehicle is, the higher its chances of being exploited. Mainstream firms such as BMW are leading the industry with innovative solutions to make their cars tech-savvy, so it is not surprising that security researchers have identified vulnerabilities in these modern cars too.
According to an analysis by researchers at Keen Security Lab, the cybersecurity unit of Chinese firm Tencent, modern BMW cars contain 14 security vulnerabilities, which have not all been fixed yet. It is heartening to know that the security issues are not that serious and have very little chance of exploitation, but it is still alarming that BMW cars have security loopholes.
Another important aspect is that BMW uses the QNX computing system in its cars, and QNX is commonly used by various automotive firms. This means many other cars would have security flaws too.
According to the analysis from the Tencent Keen Security researchers, some of the flaws in BMW cars are remotely exploitable. The 14 vulnerabilities affect the central gateway module, the infotainment system and the telematics control unit (TCU) of the vehicles. Some flaws can be exploited to execute arbitrary code and gain full control of the affected component.
The researchers gained entry to the cars through the infotainment and telematics systems and state that, by combining the 14 security flaws, they could gain access to the car's internal CAN bus. The CAN bus interconnects all the functions and components of a vehicle. The researchers were able to hack BMW cars both through local access (USB) and remotely.
In their report, researchers noted: “Our research findings have proved that it is feasible to gain local and remote access to infotainment, T-Box components and UDS communication above a certain speed of selected BMW vehicle modules and been able to gain control of the CAN bus with the execution of arbitrary, unauthorized diagnostic requests of BMW in-car systems remotely.”
BMW is currently developing firmware updates for its high-profile car models, including the BMW X Series, BMW I Series and BMW 3, 5 and 7 Series. The company has already shipped configuration updates through its over-the-air component updating system. The firmware updates, however, will have to be installed at authorized BMW dealer outlets.
BMW expressed its appreciation for the efforts of the Tencent researchers and stated that it is the “most comprehensive and complex testing ever conducted on BMW Group vehicles by a third party.” BMW has also announced that Keen Security Lab will be the first winner of the BMW Group Digitalization and IT Research Award.