BMW is working on firmware updates for some of its cars after researchers from the Tencent Keen Security Lab have discovered 14 flaws affecting high-profile car models such as BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series.
The security flaws have been discovered during a year-long experiment carried out by the Chinese security firm between January 2017 and February 2018.
Keen Lab researchers notified BMW of the 14 flaws they found in March 2018. After BMW started rolling out mitigations, the Chinese researchers published today a summary of the 14 vulnerabilities in a
26-page technical report.
Flaws affect cars going back as far as 2012
The flaws affect BMW cars going back as far as 2012, Keen Lab researchers said, basing their assertion on the vulnerable components they exploited and their first sighting in BMW cars.
The point of entry for these hacks were the cars' infotainment and telematics systems. Researchers said they were able to combine the 14 flaws to escalate their access to the car's inner CAN bus —the component that interconnects all other car components and functions.
Researchers said they hacked BMW cars in scenarios that provided local access to the car (via a USB stick) or via remote hacks (using a software-defined radio).
