INFRA
INFRA
INFRA
Researchers find security vulnerabilities in modems used by luxury cars
Researchers at security firm McAfee LLC have discovered two serious vulnerabilities in the telematics control unit used in a range of luxury cars that could potentially allow hackers to gain control of vehicles.
A TCU is an embedded system that controls tracking of the vehicle, and in this case involves a unit manufactured by Continental AG that operates as a 2G modem. It facilitates in-vehicle communication, including data from the car that gets used in remote management tools such as web panels and mobile apps.
The two vulnerabilities include a “buffer overflow” in the TCU’s element that processes commands used to control a modem and another vulnerability that allows an attacker to execute code via one of the TCU’s baseband radio processor components. The first vulnerability would require a hacker to have physical access to the car, but the second one can be exploited from a remote location via a 2G cellular connection.
The risk profile of what attackers could do given access seems fairly limited at this stage. A spokesperson for McAfee told SiliconANGLE via email that “successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code,” before explaining that “this may allow an attacker to disable the infotainment system of the vehicle and affect functional features of the vehicle.”
There is nothing to suggest at this stage that either vulnerability could be used to cause a car to crash. But the McAfee researchers did note that ransomware could be deployed using the vulnerability, potentially disabling operation of the vehicle.
Here’s a list of the affected vehicles:
- BMW several models produced between 2009-2010
- Ford – a limited number of P-HEV hybrid models not updated (an update program began in 2016)
- Infiniti 2013 JX35, 2014-2016 QX60, 2014-2016 QX60 Hybrid, 2014-2015 QX50, 2014-2015 QX50 Hybrid, 2013 M37/M56, 2014-2016 Q70, 2014-2016 Q70L, 2015-2016 Q70 Hybrid, 2013 QX56, 2014-2016 QX 80
- Nissan 2011-2015 Leaf
Owners of these vehicles should contact their car manufacturer for advice on fixing the issue either through patching or a replacement TCU.
Photo:
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
