Jump to content
Nytro

Experimental Security Assessment of BMW Cars

Recommended Posts

1. Introduction ................................................................................................................................. 1
2. Research Description .................................................................................................................. 2
2.1 Infotainment System ......................................................................................................... 3
2.1.1 USB Interface......................................................................................................... 5
2.1.2 E-NET over OBD-II .............................................................................................. 6
2.1.3 Bluetooth Stack ...................................................................................................... 7
2.1.4 ConnectedDrive Service ........................................................................................ 8
2.1.5 K-CAN Bus ............................................................................................................ 9
2.2 Telematics Control Unit .................................................................................................... 9
2.2.1 Remote Service with NGTP................................................................................. 12
2.2.2 Remote Diagnosis ................................................................................................ 12
2.3 Central Gateway Module ................................................................................................ 12
2.3.1 Cross-Domain Diagnostic Messages ................................................................... 14
2.3.2 Lack of High Speed Limit on UDS...................................................................... 14
3. Vulnerability Findings .............................................................................................................. 15
4. Attack Chains ............................................................................................................................ 16
4.1 Contacted Attack ............................................................................................................. 17
4.2 Contactless Attack .......................................................................................................... 17
4.2.1 Bluetooth Channel ............................................................................................... 17
4.2.2 Cellular Network .................................................................................................. 18
5. Vulnerable BMW Models ......................................................................................................... 19
6. Disclosure Process .................................................................................................................... 21
7. Conclusion ................................................................................................................................ 22

Download: https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...