Privacy News Security Flaws Found in 2G Modems Used by BMW, Ford, Infiniti, and Nissan Cars

LASER_oneXM

Feb 4, 2016
A team of three security researchers has found and disclosed two security flaws in the TCU (telematics control unit) components that ship with various luxury car models.

TCUs are 2G modems that receive or send data from a car's internal system and are used as an interface between the car and remote management tools such as web panels and mobile apps.

The researchers found the flaws in TCUs manufactured by Continental AG, and more specifically in TCUs that use the S-Gold 2 (PMB 8876) cellular baseband chipset.

BMW, Ford, Infiniti, and Nissan cars affected
According to an alert issued by the Department of Homeland Security (DHS), the following car models use vulnerable TCUs:

BMW several models produced between 2009-2010
Ford - program to update 2G modems has been active since 2016 and impact is restricted to the limited number of P-HEV vehicles equipped with this older technology that remain in service.
Infiniti 2013 JX35
Infiniti 2014-2016 QX60
Infiniti 2014-2016 QX60 Hybrid
Infiniti 2014-2015 QX50
Infiniti 2014-2015 QX50 Hybrid
Infiniti 2013 M37/M56
Infiniti 2014-2016 Q70
Infiniti 2014-2016 Q70L
Infiniti 2015-2016 Q70 Hybrid
Infiniti 2013 QX56
Infiniti 2014-2016 QX80
Nissan 2011-2015 Leaf
The two flaws are a buffer overflow in the TCU’s component that processes AT commands (CVE-2017-9647), and a flaw that allows attackers to execute code via one of the TCU’s inner components (baseband radio processor) (CVE-2017-9633).

An attacker would need physical access to a car to exploit the first flaw, while the second can be exploited from remote locations. Proof-of-concept (PoC) exploit code is available online for both flaws.
 