BMW, Ford, Nissan Hacked: use vulnerable modems

Προβλήματα σε οχήματα της BMW, Ford, Infiniti και Nissan. Μια ομάδα τριών ερευνητών ασφαλείας ανακάλυψε δύο ελαττώματα ασφαλείας στα εξαρτήματα TCU (μονάδα ελέγχου τηλεματικής) τα οποία εμπεριέχονται σε διάφορα μοντέλα αυτοκινήτων που συνδέονται στο .

TCUs are 2G modems which send and receive data from a car's internal system. They are used as an interface between the car and remote management tools, such as web panels and mobile applications.BMW

The researchers found the defects in the TCU manufactured by Continental AG, and more specifically TCUs using the S-Gold 2 (PMB 8876) cellular baseband chipset.

Thus, according to a notice issued by the Department of Homeland Security (DHS), the following car models use vulnerable TCUs:

Affected vehicles

BMW models built between 2009-2010
Ford (a recall program for 2G modems runs from 2016 and so the problem exists in a limited number of vehicles equipped with P-HEV.
Infiniti 2013 JX35
Infiniti 2014-2016 QX60
Infiniti 2014-2016 QX60 Hybrid
Infiniti 2014-2015 QX50
Infiniti 2014-2015 QX50 Hybrid
Infiniti 2013 M37 / M56
Infiniti 2014-2016 Q70
Infiniti 2014-2016 Q70L
Infiniti 2015-2016 Q70 Hybrid
Infiniti 2013 QX56
Infiniti 2014-2016 QX 80
Nissan 2011-2015 Leaf

Both defects involve a buffer overflow in the TCU component that processes them AT (CVE-2017-9647) and a flaw that allows attackers to run code via one of the internal elements of the TCU (baseband radio) (CVE-2017-9633).

In the first vulnerability an attacker would need physical access to the target car, while the second can be exploited from remote locations. The code of the exploits (Proof-of- or PoC) is available for both defects.

The car makers involved said the defects allow attackers only access to the car's entertainment system and not to critical operations such as braking, engine control or vehicle doors.

BMW said it would "provide service to affected customers" and Nissan said it would turn off 2G modems (TCUs) for all affected customers for free. This measure also applies to owners of Nissan-owned Infiniti cars.

Ford said it started turning off all 2G modems last year in 2016. The company told ICS-CERT that there are very few cars with 2G anymore at the market.

Security researchers Mickey Shkatov, Jesse Michael and Oleksandr Bazhaniuk from Advanced Threat The McAfee team presented their findings at the DEF CON security conference held in Las Vegas last week. (PDF)

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).