Common security vulnerabilities exposed in multiple BMW models allow remote attacks by hackers - Vulnerability Warning - Black Bar Safety Net

ID MYHACK58:62201890264
Type myhack58
Reporter Anonymous
Modified 2018-05-23T00:00:00


On May 22, Tencent Keen Security Lab disclosed 14 common security vulnerabilities affecting many different BMW models. The vulnerabilities can be triggered through physical contact as well as remotely, without contact. According to the lab's official blog, BMW has now confirmed all of the vulnerability details and attack methods.


Focus on analysing the car's externally exposed attack surface

According to the official blog, the research began in January 2017. The lab carried out hardware research on several BMW vehicles, covering the in-vehicle infotainment system (Head Unit), the telematics module (T-Box) and the vehicle's Central Gateway, with a focus on analysing the attack surface the car exposes externally: the GSM network, BMW Remote Services, the BMW ConnectedDrive system, remote diagnostics, the NGTP protocol, the Bluetooth protocol, USB and the OBD-II interface. Using both physical-contact and remote non-contact attacks against multiple BMW models, the lab demonstrated that the in-vehicle infotainment system, the telematics module and other components can be compromised remotely, giving the attacker control of the CAN bus.

Keen Lab has reported further details of the vulnerabilities and the attack chains to BMW, and has provided technical analysis and related remediation recommendations.

Vulnerability attack chains
