June 1, 2018 at
Danger in the modern vehicles
The new age has brought a lot of useful gadgets and smart devices, and the IoT seems to be thriving with each passing day. Even our cars are getting internet access, which allows for many benefits. However, it would appear that a lot of danger comes with this as well, and researchers have discovered that the cars can now even be hacked, just like IoT devices.
The vehicles’ connection to the internet poses a lot of danger, and the danger is bigger if the vehicle in question has more internet connection. Basically, it is much easier to find a flawed part of the system, and exploit it. This has caused a lot of car-makers to lead the tech industry into a new age, where the security would be of an even higher priority than before. Despite this, researchers still managed to find flaws in BMW vehicles, which could create problems for their owners.
Researchers of Keen Security Lab, which belongs to the China-based company called Tencent, have issued a report regarding the modern BMW vehicles. According to this report, the cars were found to have up to 14 security vulnerabilities, none of which were fixed as of yet. Luckily, the issues are not that serious, and it would be fairly difficult to make some major damage by exploiting them. Still, this discovery is still pretty alarming, since it shows that there are loopholes that could potentially be exploited by a skilled enough individual.
Other carmakers might have similar issues
A bigger problem includes the computing system called QNX, which is often used by car manufacturers. This means that, despite the fact that the flaws were found in BMWs, it is likely that other firms have the same problem. Researchers have also reported that a few of the 14 flaws can even be exploited remotely. The flaws mostly impact the central gateway module, TCU, and the infotainment system in these cars. Theoretically, it is possible for a potential hacker to take full control over the car’s component that they are capable of affecting.
An even bigger problem that the researchers have reported includes the access to the inner CAN bus of the targeted vehicle. This CAN bus is the component responsible for making interconnectedness between the vehicle’s parts and functions. As part of their study, researchers have even managed to fully hack the car via the combination of remote hacking and USB access.
In their report, they stated that they were able to prove that gaining access to the car is possible. As part of their development, BMW was creating firmware updates for several car models. Those include BMW I Series, BMW X Series, as well as BMW 3, 5, and also 7 Series. Configuration updates have already been shipped via the updating system. However, when it comes to firmware, they can only be updated manually at the BMW dealer outlets.
Despite the fact that Tencent’s researchers have found a lot of flaws in a seemingly flawless system, the company still appreciated and applauds their efforts. They said that Tencent’s researchers have made the most complex and comprehensive research and testing that was ever conducted on BMW’s cars by someone unrelated to the company. In thanks, the carmaker announced that the Lab will receive the first award for BMW Group Digitalization and IT Research.