BMW Cars Can He Hacked

Uploaded on 2018-06-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

New research has discovered critical vulnerabilities in several BMW car models. Researchers from Keen Security Lab, a cybersecurity research unit of Chinese company Tencent, have conducted an in-depth analysis of various systems present in BMW cars and discovered 14 locally and remotely exploitable vulnerabilities. 

Keen Security Lab focused on the head unit, the telematics control unit (TCU or T-Box), and the central gateway module in several BMW models. The experts tested various systems that critically influence the vehicle functioning and security, supplying just another proof of the importance of autonomous cars security.

The research raises high interest in the car industry, as much of the information in it has not been published yet in order to avoid malicious use of the vulnerabilities before they are patched. The full results will be published only in the beginning of 2019, according to securityweek.com.

Karmaba Security specialises in car cybersecurity and prevention of malicious access to these vehicles’ smart systems. According to Assaf Harel, the company’s Chief Scientist and Co-Founder, 

“The vulnerabilities identified enable the assailant a remote control over the operating system of the vehicle, the electronic control unit (ECU), and from that stage, he is able to gain control over a whole vehicle fleet.

“The defense and information security approach that applies solutions incorporating updates for identifying attacks is obsolete and not efficient regarding the security of the vehicle’s activities during the ride.

“In real time, these systems will not be reliable, as securing one part of the smart vehicle system will not guarantee the same level of security for another part. This is the reason why our security focuses on the manufacturer’s specific definitions regarding each model of the car, so we are able to supply a complete peripheral defense that sees the vehicle as a whole and not just a system in it.

“Another clear conclusion drawn from the research, so far, emphasises our claim that in fact, there is no efficient way to secure the gateway because the information has to stream among the vehicle’s systems. Using ‘intermediary’/third-party solutions will only expose the systems to more vulnerabilities.

“The vehicle systems’ interfaces vis a vis external interfaces, such as battery charging, diagnosis and testing services, autonomous parking etc. require a wide array of communication channels. Securing each and every one of the will harm the vehicle’s performances. 

He concluded that with the company’s innovative technology, “the autonomous security adjusts itself to the clear definitions of the car and its technological interfaces without harming performances. This is achieved by controlling one main channel, that includes all the basic definitions so that the vehicle remains secure and free from any external hostile influence.”

I-HLS

You Might Also Read:

Protecting Vehicles From Cyber- Attack:

Solutions To Automotive Cyber Hacking Risks:
 

 

« White Hat To Combat Cyber-Attacks
German Nuclear Plant Infected With Viruses »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

AON

AON

Aon is a leading global provider of risk management (including cyber), insurance and reinsurance brokerage, human resources solutions and outsourcing services.

Lutech

Lutech

Lutech is an Italian ICT engineering and services company. Business solution areas include cyber security.

Pradeo

Pradeo

Pradeo Security offers a complete, automatic and seamless protection to mobile devices and applications, aligned with your organization security policy while preserving business agility.

Cybertech

Cybertech

Cybertech Conference & Exhibition presents commercial problem solving strategies and solutions for the global cyber threat that meet the diverse challenges for a wide range of sectors.

MedCrypt

MedCrypt

MedCrypt are a team of medical device experts focused on bringing modern cybersecurity features to the next generation of healthcare technology.

Nextcloud

Nextcloud

Nextcloud offers offers solutions to the combined need of security and ubiquitous access to data and collaboration technology.

Marcus Donald People

Marcus Donald People

Marcus Donald People is a UK IT recruitment specialist covering the following sectors: Infrastructure & Cloud, Information Security, Development, Business transformation.

HCC Embedded

HCC Embedded

HCC’s mission is to ensure that data stored or communicated by an embedded IoT application is secure, safe and reliable.

ArmorText

ArmorText

ArmorText offers a seamless channel for communication and collaboration for organizations concerned with keeping communication data private and secure.

Uptycs

Uptycs

Uptycs combines the open source universal agent, osquery, with a scalable security analytics platform for fleet visibility, intrusion detection, vulnerability monitoring and compliance.

NARIS

NARIS

NARIS is the leading provider of an integrated Governance, Risk and Compliance platform called NARIS GRC.

International College For Security Studies (ICSS)

International College For Security Studies (ICSS)

ICSS India offers technical education to students, clients and partners in IT Industry by our well qualified, certified and experienced trainers.

DH2i Company

DH2i Company

DH2i is a leading provider of multi-platform Software Defined Perimeter and Smart Availability software enabling customers to create an entire IT infrastructure that is always-secure and always-on.

Digital Intelligence

Digital Intelligence

Digital Intelligence offer a full array of products, forensic and e-discovery consulting services and training.

G-71

G-71

G-71 LeaksID is a cutting-edge ITM technology aimed at safeguarding sensitive documents from insider threats.

SecurEnvoy

SecurEnvoy

SecurEnvoy are a leader in designing zero access trust solutions using the latest cutting-edge technologies, to protect your users, devices and data, whatever the location.