BMW Cars Can He Hacked

Uploaded on 2018-06-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

New research has discovered critical vulnerabilities in several BMW car models. Researchers from Keen Security Lab, a cybersecurity research unit of Chinese company Tencent, have conducted an in-depth analysis of various systems present in BMW cars and discovered 14 locally and remotely exploitable vulnerabilities. 

Keen Security Lab focused on the head unit, the telematics control unit (TCU or T-Box), and the central gateway module in several BMW models. The experts tested various systems that critically influence the vehicle functioning and security, supplying just another proof of the importance of autonomous cars security.

The research raises high interest in the car industry, as much of the information in it has not been published yet in order to avoid malicious use of the vulnerabilities before they are patched. The full results will be published only in the beginning of 2019, according to securityweek.com.

Karmaba Security specialises in car cybersecurity and prevention of malicious access to these vehicles’ smart systems. According to Assaf Harel, the company’s Chief Scientist and Co-Founder, 

“The vulnerabilities identified enable the assailant a remote control over the operating system of the vehicle, the electronic control unit (ECU), and from that stage, he is able to gain control over a whole vehicle fleet.

“The defense and information security approach that applies solutions incorporating updates for identifying attacks is obsolete and not efficient regarding the security of the vehicle’s activities during the ride.

“In real time, these systems will not be reliable, as securing one part of the smart vehicle system will not guarantee the same level of security for another part. This is the reason why our security focuses on the manufacturer’s specific definitions regarding each model of the car, so we are able to supply a complete peripheral defense that sees the vehicle as a whole and not just a system in it.

“Another clear conclusion drawn from the research, so far, emphasises our claim that in fact, there is no efficient way to secure the gateway because the information has to stream among the vehicle’s systems. Using ‘intermediary’/third-party solutions will only expose the systems to more vulnerabilities.

“The vehicle systems’ interfaces vis a vis external interfaces, such as battery charging, diagnosis and testing services, autonomous parking etc. require a wide array of communication channels. Securing each and every one of the will harm the vehicle’s performances. 

He concluded that with the company’s innovative technology, “the autonomous security adjusts itself to the clear definitions of the car and its technological interfaces without harming performances. This is achieved by controlling one main channel, that includes all the basic definitions so that the vehicle remains secure and free from any external hostile influence.”

I-HLS

You Might Also Read:

Protecting Vehicles From Cyber- Attack:

Solutions To Automotive Cyber Hacking Risks:
 

 

« White Hat To Combat Cyber-Attacks
German Nuclear Plant Infected With Viruses »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Recorded Future

Recorded Future

Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk.

Ideagen

Ideagen

Ideagen provides information management, safety, risk and compliance software solutions that allow organisations to achieve operational excellence, regulatory compliance and reduce risk.

ENEA Qosmos Division

ENEA Qosmos Division

Qosmos, a division of Enea, leads the market for IP traffic classification and network intelligence technology used in physical, SDN and NFV architectures.

Sistem Integra (SISB)

Sistem Integra (SISB)

SISB provide IT Security Infrastructure & Development, Mechanical & Electrical Services, Fire Safety & Detection Services, Facilities Management & Application Development.

APT Search

APT Search

APT Search is a recruitment company specialising within the Legal Technology, Cybersecurity and Privacy sectors.

ADL Consulting

ADL Consulting

ADL Consulting provide information security-related consultancy and training support to businesses across the UK. Our services include ISO27001, GDPR, Cyber Essentials and training.

Cybrella

Cybrella

Cybrella offers professional cybersecurity services for small to medium sized businesses and to larger enterprises looking to expand their cybersecurity capabilities.

Armo

Armo

Armo technology enhances any Kubernetes deployment with security, visibility, and control from the CI/CD pipeline through production.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

ViewQwest

ViewQwest

ViewQwest is a regional telecommunications & information technology services company. We specialize in providing Connectivity, Managed Network, Managed SD-WAN, and Managed Security solutions.

Polestar Industrial IT

Polestar Industrial IT

Polestar work on both sides of the IT & OT divide. Network, Data & Asset Security is our priority. Polestar installations are robust and resilient and comply with the appropriate security.

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji) (formerly known as HLB Crosbie & Associates) is a well-established firm of accountants and business advisers in Fiji.

Anonos

Anonos

Anonos is a global software company that provides the only technology capable of protecting data in use with 100% accuracy, even in untrusted environments.

Attestiv

Attestiv

Attestiv puts authenticity into photos, videos and documents by utilizing advanced technologies in AI and tamper-proofing.

Creative Network Innovations (CNI)

Creative Network Innovations (CNI)

Creative Network Innovations is a leader in providing advanced IT and cybersecurity solutions.

Federal Office for the Protection of the Constitution (BfV)

Federal Office for the Protection of the Constitution (BfV)

The Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz - BfV) is the domestic intelligence services of the federal government of Germany.