As automobiles become increasingly digitized the attack surface also increases. Recently, a group of Chinese white hat hackers at Keen Security Lab found 14 vulnerabilities in BMW cars. These vulnerabilities stem from two main sources, the internet-connected ‘Infotainment System’ and the Telematics Control Unit. Together, these features improve driver experience by allowing phone to car connection and traffic assisted GPS systems. However, as said before, they also open cars for cyberattack.
The group published a report of their findings here. Fortunately, they decided to leave crucial information out to ensure the safety of drivers, yet, it is expected that the full report will be published in 2019 when BMW patches the issues. Half of the issues required local access to the car – like a USB key- while 6 of the vulnerabilities allowed hackers to access the car remotely.
These issues left un-patched would allowed hackers to infiltrate the main systems of a car, effectively giving them complete control over the operation of a vehicle.
Since these findings BMW has become aware of the issues and is actively fixing it. Updates will be remotely configured to effected vehicles.
Unfortunately, BMW isn’t the only auto manufacturer at risk; fellow German car maker Volkswagen is also at risk. Dutch pen-testers Computest found a way into the cars Control Area Network (CAN), this foreshadows that:
“if an attacker would gain access to the CAN bus of a vehicle, he or she would control the car. They could impersonate the front radar, for example, to instruct the braking system to make an emergency stop due to a near collision or take over the steering.”
However, when the firm found this vulnerability they decided to stop their research, fearing they would break the law and endanger drivers. Since then, VW has invited the group to their headquarters to further explain the issue.
To stay ahead of security risks, make sure to reach out and see we can solve your cybersecurity needs.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how Symantec can improve your organization’s security, our services or just want to chat security please give us a shout.