Image: BMW Group

BMW Group is to expand its co-operation and joint research work with the Chinese cybersecurity research team Tencent Keen Security Lab. It has been carrying out security tests both internally and with independent third parties, and a project with Tencent Keen explored potential vulnerabilities in the head units and T-Box components of various BMW models from different generations.

In this project, which ran from January 2017 to February 2018, the Tencent Keen team reported 14 different security vulnerabilities in the BMW vehicles. Nine of these required a physical connection in the car or in a location in the direct vicinity; five were via a remote connection on the mobile telephone network. Access was gained to the cars’ CAN buses and unauthorized diagnostic functions were remotely activated.

As a result of this test, BMW Group worked with Tencent Keen to develop security measures and software upgrades which have been uploaded to telematics control units via an over the air connection. Additional software upgrades will be made available at BMW dealerships and a joint technical report detailing the security vulnerabilities and implemented measures will be published next year.

Tencent Keen Security Lab has been selected as winner for BMW’s first Digitalization and IT Research Award, “to honour the experts who support us on the transformation towards digitized mobility,” said Christoph Grote, senior VP Electronics, BMW Group, at an awards ceremony [pictured]. “We thank Tencent Keen Security Lab for their tremendous effort, their sophisticated research and the highly professional collaboration.”

Ongoing joint research will look at the security of Android embedded systems, and autonomous driving and testing. Security of over the air software update mechanisms is also under consideration.

-Farah Alkhalisi