BMW Cars Can He Hacked

New research has discovered critical vulnerabilities in several BMW car models. Researchers from Keen Security Lab, a cybersecurity research unit of Chinese company Tencent, have conducted an in-depth analysis of various systems present in BMW cars and discovered 14 locally and remotely exploitable vulnerabilities. 

Keen Security Lab focused on the head unit, the telematics control unit (TCU or T-Box), and the central gateway module in several BMW models. The experts tested various systems that critically influence the vehicle functioning and security, supplying just another proof of the importance of autonomous cars security.

The research raises high interest in the car industry, as much of the information in it has not been published yet in order to avoid malicious use of the vulnerabilities before they are patched. The full results will be published only in the beginning of 2019, according to securityweek.com.

Karmaba Security specialises in car cybersecurity and prevention of malicious access to these vehicles’ smart systems. According to Assaf Harel, the company’s Chief Scientist and Co-Founder, 

“The vulnerabilities identified enable the assailant a remote control over the operating system of the vehicle, the electronic control unit (ECU), and from that stage, he is able to gain control over a whole vehicle fleet.

“The defense and information security approach that applies solutions incorporating updates for identifying attacks is obsolete and not efficient regarding the security of the vehicle’s activities during the ride.

“In real time, these systems will not be reliable, as securing one part of the smart vehicle system will not guarantee the same level of security for another part. This is the reason why our security focuses on the manufacturer’s specific definitions regarding each model of the car, so we are able to supply a complete peripheral defense that sees the vehicle as a whole and not just a system in it.

“Another clear conclusion drawn from the research, so far, emphasises our claim that in fact, there is no efficient way to secure the gateway because the information has to stream among the vehicle’s systems. Using ‘intermediary’/third-party solutions will only expose the systems to more vulnerabilities.

“The vehicle systems’ interfaces vis a vis external interfaces, such as battery charging, diagnosis and testing services, autonomous parking etc. require a wide array of communication channels. Securing each and every one of the will harm the vehicle’s performances. 

He concluded that with the company’s innovative technology, “the autonomous security adjusts itself to the clear definitions of the car and its technological interfaces without harming performances. This is achieved by controlling one main channel, that includes all the basic definitions so that the vehicle remains secure and free from any external hostile influence.”

I-HLS

You Might Also Read:

Protecting Vehicles From Cyber- Attack:

Solutions To Automotive Cyber Hacking Risks:
 

 

« White Hat To Combat Cyber-Attacks
German Nuclear Plant Infected With Viruses »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Exclusive Networks

Exclusive Networks

Exclusive Networks accelerate market entry and growth for innovative cybersecurity, networking and infrastructure technologies.

Untangle

Untangle

Untangle provides network security products designed specifically for the below-enterprise market, safeguarding businesses, home offices, nonprofits, schools and governmental organizations.

Mnemonica

Mnemonica

Mnemonica specializes in providing data protection system, information security compliance solutions, cloud and managed services.

Datplan

Datplan

Datplan offers a software solution that gives an overview of 8 key cyber risk areas, their threats, and risk management steps.

ProSearch Partners

ProSearch Partners

ProSearch Partners are national talent acquisition specialists exclusively focussing on Technology and Digital talent including Cybersecurity, Data Analytics and Execs.

Tego Cyber

Tego Cyber

Tego Cyber delivers a state-of-the-art threat intelligence platform that helps enterprises deploy the proper resolution to an identified threat before the enterprise is compromised.

Wavex Technology

Wavex Technology

Wavex Technology is an award winning IT Services firm offering clients a secure and fully managed IT service.

Almond

Almond

Almond is positioned as a key independent French player in audit and consulting in the fields of Cybersecurity, Cloud and Infrastructure.

Presidio Identity

Presidio Identity

Presidio Identity offers a digital-native approach that brings security, privacy, and simplicity to user authentication and digital interactions.

Technivorus Technology

Technivorus Technology

Technivorus is a deep-tech firm delivering customized Cybersecurity, Digital Marketing, Web & App Development, and multifarious IT services for businesses across the globe.

Techsolidity

Techsolidity

Techsolidity is an emerging e-learning platform that offers a wide range of upskilling programs worldwide in areas including cybersecurity.

BlueCat Networks

BlueCat Networks

BlueCat is the Adaptive DNS company. Our mission is to help the world’s largest organizations thrive on network complexity, from the edge to the core.

Hook Security

Hook Security

Setting a new standard in security awareness. Hook Security is a people-first company that uses psychological security training to help companies create security-aware culture.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.

BLOCX

BLOCX

BLOCX is designed to address the ever-growing challenges of managing and securing digital devices, from personal computers to corporate networks.

SITS Group

SITS Group

SITS Group excel in delivering a comprehensive range of Cyber Security consulting and managed services, from cloud transformation to risk management.