These BMW cars can be attacked and controlled remotely
Chinese hackers have found 14 flaws in a series of models from the German manufacturer. They would remotely manipulate the internal workings of vehicles. Patches are being deployed.
In 2017, the BMW group commissioned security researchers at Tencent Keen Security Lab (TKSL) to test the safety of their cars. A first report of this audit has just been published. The balance is rather crisp. Analyzing for thirteen months four models of the manufacturer (i3 94, X1 sDrive 18Li, 532Li, 730Li), Chinese hackers have found a total of 14 faults.
These faults are divided into three internal equipment of these luxury coaches: the entertainment system (NBT Head Unit), the communication system and remote services (Telematic Communication Box, TCB) and the central communication gateway (Central Gateway Module, CGM).
Among these faults, six can be exploited remotely, by Bluetooth or GSM waves. The last case is obviously more interesting for the attacker. Based on a false base station and some amplifiers, the range can reach several hundred meters.
By combining these different vulnerabilities with each other, TKSL shows that it is possible to create a complete chain of attacks to implement backdoors in NBT HU and TCB systems and remotely execute commands with privileges. administrator (remote root shell). From there, the attacker can rely on the central gateway to send false diagnostic messages to the different control units. These modules control the essential functions of the vehicle and are interconnected by one or more CAN (Controller Area Network) networks. These false diagnostic messages can alter their operation and thus open the door to remote handling of the vehicle.
Having tested only four specific cars, TKSL can not assess the risk on the entire BMW range. But it is very likely that these flaws are also found on other models. TCB units, for example, exist in different lines since 2012.
The ball is now in the camp of the builder, who will have to check that. The good news is that BMW has already started broadcasting patches since last April, either directly through remote updates or through its dealers. In early 2019, when all these vulnerabilities are corrected, TKSL should publish a second version of its report, with all the technical details.
paypal,facebook,yahoo,mail,google,maps,ebay,amazon,barcelone,realmadrid,netflix,craigslist,AliCarter,Liverpool,AlfieEvans,YankeesVsAngels,RonanFarrow,YeVsThePeople,MesotheliomaLawFirm,Donate,CarToCharity,California,Donate,Car,ForTaxCredit,DonateCarsInMa;Insurance,Loans,Mortgage,Attorney,Credit,Lawyer,Donate,Degree,Hosting,Claimcashfear,softwares,money,football,SPORTNEWS,cars,carrental,cellphone,phonenumber,forex,torrent,voip,net,adsence,tollsspeakers,tipsspeakers,iphonespeakers,phones,iphone4,facebook,youtube,twitter,livematch,newslive,watchmatchforfree,watchlaligaforfree,watchserieAliveonjsc+,softwares,football,SPORTNEWS,cars,carrental,cellphone,phonenumber,forex,torrent,voip,net,adsence,tollsspeakers,tipsspeakers,iphonespeakers,phones,iphone4,facebook,youtube,twitter,livematch,newslive,watch match for free,watch laliga for free,watch serie A live on jsc+,windows 7,windows 8
Commentaires
Enregistrer un commentaire