Problems with BMW, Ford, Infiniti and Nissan vehicles. A team of three security researchers discovered two security flaws in TCU components (unit control telematics) which are included in various car models that are connected to the internet.
TCUs are 2G modems which send and receive data from a car's internal system. They are used as an interface between the car and remote management tools, such as web panels and mobile applications.
The researchers found the defects in TCUs manufactured by Continental AG, and more specifically in TCUs that use the cellular baseband chipset S-Gold 2 (PMB 8876).
Thus, according to a notice issued by the Department of Homeland Security (DHS), the following car models use vulnerable TCUs:
BMW models built between 2009-2010
Ford (a recall program for 2G modems runs from 2016 and so the problem exists in a limited number of vehicles equipped with P-HEV.
Infiniti 2013 JX35
Infiniti 2014-2016 QX60
Infiniti 2014-2016 QX60 Hybrid
Infiniti 2014-2015 QX50
Infiniti 2014-2015 QX50 Hybrid
Infiniti 2013 M37 / M56
Infiniti 2014-2016 Q70
Infiniti 2014-2016 Q70L
Infiniti 2015-2016 Q70 Hybrid
Infiniti 2013 QX56
Infiniti 2014-2016 QX 80
Nissan 2011-2015 Leaf
The two defects concern one buffer overflow in the TCU element that processes the AT commands (CVE-2017-9647) and a flaw that allows attackers to run code via one of the internal elements of the TCU (baseband radio) (CVE-2017-9633).
In the first vulnerability, the attacker would need physical access to the target car, while the latter may take advantage of remote locations. The exploits code (Proof-of-concept or PoC) is available for both defects.
The car makers involved said the defects allow attackers only access to the car's entertainment system and not to critical operations such as braking, engine control or vehicle doors.
BMW stated that it “will offer service to affected customers” and Nissan said it will disable 2G modems (TCU) for all affected customers free of charge. This measure also applies to owners of Nissan-owned Infiniti cars.
Ford said it started disabling all 2G modem from last year, 2016. The company has told ICS-CERT that there are very few 2G modems on the market.
Security researchers Mickey Shkatov, Jesse Michael and Oleksandr Bazhaniuk from McAfee's Advanced Threat Research Team presented their findings at the DEF CON security conference held in Las Vegas last week. (PDF)