According to a report published by Tencent’s Keen Security Lab on May 22, several BMW models have multiple security holes, totaling a total of 14 items, most of which occurred in vehicle information. The Head Unit, part of which can be attacked remotely, is extremely difficult to detect.
Cohen Laboratories began early last year and conducted research on multiple BMW hardware and software. After more than a year, it completed the 26-page report and found 14 security loopholes. The researchers focused on the analysis. The car was exposed to multiple attack surfaces and it was found that hackers could crack the vehicle's infotainment system and communication controller through remote control to obtain vehicle control rights.
Among the 14 vulnerabilities discovered by the research team, 12 occurred in the infotainment system, and 6 of them could be remotely controlled for intrusion, 4 could be attacked via USB devices, and 2 would require physical contact. Affected models include I system, X system, 3 system, 5 system, 7 system, etc. There are 2 other loopholes involving Central Gateway. Therefore, there are two loopholes in the components that were deployed after 2012.
Cohen Lab announced remote intrusion method
Cohen Lab's Local Intrusion Method
BMW immediately stated that it would conduct research and hope to provide users with a patching solution as soon as possible. Cohen Labs also expects to publish a detailed study report containing details of the vulnerability in March next year.
