myhack58 | Anonymous | MYHACK58:62201788383
Aug 05, 2017 - 12:00 a.m.

Vulnerabilities in Ford, BMW, Infiniti and Nissan TCUs allow remote intrusion

www.myhack58.com

EPSS: 0.006 (Low), percentile 78.9%

Three researchers found vulnerabilities in the automatic transmission control units (TCUs) used by Ford, BMW, Infiniti and Nissan. These TCUs are manufactured by Continental AG.
Vulnerability causes
The three researchers, all from McAfee, are Mickey Shkatov, Jesse Michael and Oleksandr Bazhaniuk. They presented their findings at last week’s Defcon conference.
The TCU is actually a 2G modem that cars now commonly use to transfer data. With this module, cars can communicate with each other, and a web console and mobile app can be used for remote control.
The vulnerabilities are in the S-Gold 2 (PMB 8876) cellular baseband chip. One is a buffer overflow in the TCU component that processes AT commands, tracked as CVE-2017-9647. The affected commands include AT+STKPROF, AT+XAPP, AT+XLOG and AT+FNS; many of these were fixed by Apple in 2015 as iPhone vulnerabilities. To carry out this attack, however, the attacker needs physical access to the car.
The other vulnerability lets an attacker use the TMSI (Temporary Mobile Subscriber Identity) to gain access to and control memory. It is tracked as CVE-2017-9633 and can be exploited remotely.
In their talk, the three researchers said that an exploit for the affected firmware was mentioned as early as 2016 in the iOS Hacker's Handbook by Ralf-Philipp Weinmann.
Researcher Mickey Shkatov noted in particular that remotely exploiting the vulnerability does not necessarily require a 2G network; buying an open-source 2G base station is enough: “If the attacker sets up their own malicious base station (a fake base station), the TCU will connect to that base station, which can trigger the TMSI vulnerability. As long as the TCU is on and searching for a signal, it will be hacked.”
The ICS-CERT warning
ICS-CERT released a dedicated alert for the Continental AG Infineon S-Gold 2 (PMB 8876).
“Buffer overflow (CWE-121): an attacker with physical access to the TCU can trigger a buffer overflow while AT commands are being processed. This can lead to remote code execution on the TCU’s baseband processor.
Improper restriction of operations within the bounds of a memory buffer (CWE-119): an attacker can use the TMSI (Temporary Mobile Subscriber Identity) to gain access to and control memory. This can lead to remote code execution on the TCU’s baseband processor.”
“By exploiting these vulnerabilities, a hacker can execute arbitrary code. This will allow an attacker to disable the vehicle’s infotainment system and affect the vehicle’s functions. According to the affected automobile manufacturers, these vulnerabilities do not directly affect the vehicle’s key safety features,” the alert issued by ICS-CERT said.
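The CWE-121 class that ICS-CERT describes for AT command processing comes down to copying a command argument into a fixed stack buffer without checking its length. The following C parser is an added example, not code from the article or from the affected firmware; it validates the argument length before any copy. The 32-byte buffer, the `AT+NAME=<arg>` framing and the names `at_parse` and `at_handle` are assumptions, since the page does not describe the real handler.

```c
#include <stdio.h>
#include <string.h>

#define AT_ARG_MAX 32   /* assumed size of the handler's stack buffer */
enum { AT_ERR_SYNTAX = -1, AT_ERR_UNKNOWN = -2, AT_ERR_TOO_LONG = -3 };

/* Command names are the ones the article lists; everything else is illustrative. */
static const char *const at_known[] = { "AT+STKPROF", "AT+XAPP", "AT+XLOG", "AT+FNS" };

/* Parse "AT+NAME=<arg>[CR][LF]" and copy <arg> into out (capacity out_cap).
 * Returns the argument length, or a negative AT_ERR_* code.
 * The CWE-121 pattern is an unchecked strcpy()/sscanf("%s") of <arg> into a
 * fixed stack buffer; here the length is validated before any byte is copied. */
int at_parse(const char *line, size_t line_len, char *out, size_t out_cap)
{
    if (line == NULL || out == NULL || out_cap == 0)
        return AT_ERR_SYNTAX;
    const char *eq = memchr(line, '=', line_len);
    if (eq == NULL)
        return AT_ERR_SYNTAX;
    size_t name_len = (size_t)(eq - line);
    int known = 0;
    for (size_t i = 0; i < sizeof at_known / sizeof at_known[0]; i++)
        if (strlen(at_known[i]) == name_len && memcmp(line, at_known[i], name_len) == 0)
            known = 1;
    if (!known)
        return AT_ERR_UNKNOWN;
    const char *arg = eq + 1;
    size_t arg_len = line_len - name_len - 1;
    while (arg_len > 0 && (arg[arg_len - 1] == '\r' || arg[arg_len - 1] == '\n'))
        arg_len--;                          /* strip the line terminator */
    if (memchr(arg, '\0', arg_len) != NULL)
        return AT_ERR_SYNTAX;               /* embedded NUL would desync later string code */
    if (arg_len >= out_cap)
        return AT_ERR_TOO_LONG;             /* reject; never truncate or overflow */
    memcpy(out, arg, arg_len);
    out[arg_len] = '\0';
    return (int)arg_len;
}

/* Handler that owns the fixed-size stack buffer (size is an assumption). */
int at_handle(const char *line, size_t line_len)
{
    char arg[AT_ARG_MAX];
    return at_parse(line, line_len, arg, sizeof arg);
}

int main(void)
{
    const char ok[] = "AT+XLOG=1,2\r";     /* constructed sample input */
    printf("%d\n", at_handle(ok, sizeof ok - 1));
    return 0;
}
```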
The scope of the impact
Affected models include:
BMW: multiple models from 2009-2010
Ford: since 2016 Ford has been using software updates for its 2G modems, so the impact is limited to a few P-HEV models equipped with the older technology
Infiniti 2013 JX35
Infiniti 2014-2016 QX60
Infiniti 2014-2016 QX60 Hybrid
Infiniti 2014-2015 QX50
Infiniti 2014-2015 QX50 Hybrid
Infiniti 2013 M37/M56
Infiniti 2014-2016 Q70
Infiniti 2014-2016 Q70L
Infiniti 2015-2016 Q70 Hybrid
Infiniti 2013 QX56
Infiniti 2014-2016 QX80
Nissan 2011-2015 Leaf
Vendor response
Nissan announced that it will provide owners of its Nissan and Infiniti brands with a free service to disable the 2G modem. BMW said it will also provide a service to affected customers. By contrast, Ford Motor Company disabled all 2G modems as early as 2016.
TCU manufacturer Continental has also confirmed the vulnerabilities but has yet to release a fix.
