BMW Cars Can He Hacked

Uploaded on 2018-06-26 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Transport & Travel

New research has discovered critical vulnerabilities in several BMW car models. Researchers from Keen Security Lab, a cybersecurity research unit of Chinese company Tencent, have conducted an in-depth analysis of various systems present in BMW cars and discovered 14 locally and remotely exploitable vulnerabilities. 

Keen Security Lab focused on the head unit, the telematics control unit (TCU or T-Box), and the central gateway module in several BMW models. The experts tested various systems that critically influence the vehicle functioning and security, supplying just another proof of the importance of autonomous cars security.

The research raises high interest in the car industry, as much of the information in it has not been published yet in order to avoid malicious use of the vulnerabilities before they are patched. The full results will be published only in the beginning of 2019, according to securityweek.com.

Karmaba Security specialises in car cybersecurity and prevention of malicious access to these vehicles’ smart systems. According to Assaf Harel, the company’s Chief Scientist and Co-Founder, 

“The vulnerabilities identified enable the assailant a remote control over the operating system of the vehicle, the electronic control unit (ECU), and from that stage, he is able to gain control over a whole vehicle fleet.

“The defense and information security approach that applies solutions incorporating updates for identifying attacks is obsolete and not efficient regarding the security of the vehicle’s activities during the ride.

“In real time, these systems will not be reliable, as securing one part of the smart vehicle system will not guarantee the same level of security for another part. This is the reason why our security focuses on the manufacturer’s specific definitions regarding each model of the car, so we are able to supply a complete peripheral defense that sees the vehicle as a whole and not just a system in it.

“Another clear conclusion drawn from the research, so far, emphasises our claim that in fact, there is no efficient way to secure the gateway because the information has to stream among the vehicle’s systems. Using ‘intermediary’/third-party solutions will only expose the systems to more vulnerabilities.

“The vehicle systems’ interfaces vis a vis external interfaces, such as battery charging, diagnosis and testing services, autonomous parking etc. require a wide array of communication channels. Securing each and every one of the will harm the vehicle’s performances. 

He concluded that with the company’s innovative technology, “the autonomous security adjusts itself to the clear definitions of the car and its technological interfaces without harming performances. This is achieved by controlling one main channel, that includes all the basic definitions so that the vehicle remains secure and free from any external hostile influence.”

I-HLS

You Might Also Read:

Protecting Vehicles From Cyber- Attack:

Solutions To Automotive Cyber Hacking Risks:
 

 

« White Hat To Combat Cyber-Attacks
German Nuclear Plant Infected With Viruses »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Exec

Cyber Exec

Cyber Exec is an executive search firm dedicated to global talent acquisition in Cyber Security, Information Technology, Defense...

My Data Recovery Lab

My Data Recovery Lab

We recover data from: HDDs, RAIDs, NAS, SSDs, USB Flash Devices, Desktop Computers, Mobile devices and other data storage media.

mnemonic

mnemonic

mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats.

Israel National Cyber Directorate (INCD)

Israel National Cyber Directorate (INCD)

The Israel National Cyber Directorate is the national security and technological agency responsible for defending Israel’s national cyberspace and for establishing and advancing Israel’s cyber power.

BCS Financial

BCS Financial

BCS Financial delivers financial and insurance solutions. Specialty risk products include Cyber and Privacy Liability insurance.

Kryptus

Kryptus

Kryptus provides a wide array of solutions for hardware, firmware and software ranging from semiconductors to complex digital certificate management systems.

Cybersecurity & Infrastructure Security Agency (CISA)

Cybersecurity & Infrastructure Security Agency (CISA)

CISA leads the national effort to defend critical infrastructure against the threats of today and to secure against the evolving risks of tomorrow.

Information Systems Security Partners (ISSP)

Information Systems Security Partners (ISSP)

ISSP is a specialized system integrator focused on the information security needs of its corporate clients and providing best in class products and services for securing organizational information.

Fedco International

Fedco International

Fedco International is an IT and SCADA ICS Security consultancy firm.

CPP Group UK

CPP Group UK

CPP Group UK develops products to help insurers add further value to their products and services through its innovative suite of new products in FinTech, InsurTech and cyber security.

boxxe

boxxe

boxxe create flexible IT infrastructures, collaborative global workspaces and data clarity, all underpinned by world-leading security.

Consistec Engineering & Consulting

Consistec Engineering & Consulting

Consistec Engineering & Consulting GmbH is an information technology and services company offering solutions for monitoring the security of IT and OT infrastructure.

Viettel Cyber Security

Viettel Cyber Security

Viettel Cyber Security is an organization under the Military Telecommunication Industry Group, conducting research and developing information security solutions for domestic and foreign customers.

META-Cyber

META-Cyber

META-cyber was founded by engineers with experience in process and control-protection to provide cyber security for industrial infrastructure.

EdgeWatch

EdgeWatch

EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

Code First Girls

Code First Girls

Code First Girls are on a mission to close the gender gap in the tech industry by providing employment through free education.