Nytro
Posted May 26, 2018

1. Introduction
2. Research Description
  2.1 Infotainment System
    2.1.1 USB Interface
    2.1.2 E-NET over OBD-II
    2.1.3 Bluetooth Stack
    2.1.4 ConnectedDrive Service
    2.1.5 K-CAN Bus
  2.2 Telematics Control Unit
    2.2.1 Remote Service with NGTP
    2.2.2 Remote Diagnosis
  2.3 Central Gateway Module
    2.3.1 Cross-Domain Diagnostic Messages
    2.3.2 Lack of High Speed Limit on UDS
3. Vulnerability Findings
4. Attack Chains
  4.1 Contacted Attack
  4.2 Contactless Attack
    4.2.1 Bluetooth Channel
    4.2.2 Cellular Network
5. Vulnerable BMW Models
6. Disclosure Process
7. Conclusion

Download: https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf