Incident: BMW Cars Vulnerable to Multiple Cybersecurity Flaws Detected by Keen Lab

Published Date: 2018-05-23

Postmortem Analysis
Timeline 1. The software failure incident where BMW cars were found to contain more than a dozen flaws happened in January 2017, as mentioned in the article [71470]. Therefore, the estimated timeline for the software failure incident would be January 2017.
System 1. BMW car computer systems [71470] 2. Internet-connected infotainment systems [71470] 3. Telematics control unit [71470] 4. Central gateway module [71470]
Responsible Organization 1. Keen Lab [71470]
Impacted Organization 1. BMW cars [71470]
Software Causes 1. The software causes of the failure incident in the BMW cars were identified as 14 separate flaws in the car computer systems, allowing hackers to potentially take partial control of affected vehicles [71470]. 2. The vulnerabilities were found in the internet-connected infotainment systems, the telematics control unit, and the central gateway module of the cars' electronics [71470].
Non-software Causes 1. The vulnerabilities in BMW cars were found to be caused by flaws in the car computer systems, particularly within the internet-connected infotainment systems, the telematics control unit, and the central gateway module [71470].
Impacts 1. The software failure incident in BMW cars, where 14 separate flaws were identified, could potentially allow hackers to take partial control of affected vehicles while in use [71470]. 2. The vulnerabilities found in the internet-connected infotainment systems, telematics control unit, and central gateway module could lead to remote attacks on BMW cars, enabling attackers to exploit the infotainment and telematics parts from a distance, even when the car is in driving mode [71470]. 3. The software failure incident impacted several models of BMW cars, including some of its i, X, 3, 5, and 7 Series designs, indicating a widespread vulnerability across different vehicle types [71470].
Preventions 1. Regular security audits and penetration testing conducted by the car manufacturer, BMW, could have potentially identified and addressed the flaws before they were exploited by hackers [71470]. 2. Implementing secure coding practices during the development of the car computer systems could have reduced the likelihood of vulnerabilities being present in the software [71470]. 3. Timely software updates and patches released by BMW to address known vulnerabilities could have prevented hackers from exploiting the flaws in the car computer systems [71470].
Fixes 1. BMW is working on fixes for the 14 separate flaws identified in their car computer systems [71470]. 2. Customers have been advised to keep an eye out for software updates and other counter-measures from BMW over the coming months [71470].
References 1. Keen Lab [71470] 2. BMW [71470]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident related to BMW cars containing multiple flaws has happened again within the same organization. The article mentions that BMW's car computer systems were found to contain 14 separate flaws, allowing hackers to potentially take partial control of affected vehicles. This incident highlights a significant vulnerability in BMW's software systems, indicating a recurring issue within the organization [71470]. (b) The software failure incident related to vulnerabilities in BMW cars has also been a concern for other organizations or car manufacturers. The article mentions that Keen Lab, a division of Tencent, identified vulnerabilities in BMW cars and shared its findings with the German company. This suggests that similar security flaws could potentially exist in vehicles from other manufacturers as well, indicating a broader industry concern regarding cybersecurity in connected cars [71470].
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase is evident in the article. The Chinese cyber-security lab, Keen Lab, identified 14 separate flaws in BMW's car computer systems, which could potentially allow hackers to take partial control of affected vehicles. These vulnerabilities were found in various parts of the cars' electronics, including the internet-connected infotainment systems, the telematics control unit, and the central gateway module. The researchers shared their findings with BMW to give them time to address the problems before disclosing the full details in 2019 [71470]. (b) The software failure incident related to the operation phase is also highlighted in the article. Keen Lab demonstrated that remote attacks on BMW cars were possible, with one scenario involving a rogue mobile data transmitter exploiting vulnerabilities in the infotainment and telematics parts. Attackers could potentially create backdoors to inject diagnostic messages that could affect the driver's control, even when the car is in driving mode. BMW advised its customers to watch for software updates and other counter-measures to mitigate these risks [71470].
Boundary (Internal/External) within_system (a) The software failure incident reported in the article is within_system. The flaws identified in BMW's car computer systems were found within the system itself, allowing hackers to potentially take partial control of affected vehicles through various means such as infected USB sticks, Bluetooth, and the vehicles' own data links [71470]. The vulnerabilities were mainly located in different parts of the cars' electronics, including the internet-connected infotainment systems, the telematics control unit, and the central gateway module [71470]. The researchers from Keen Lab were able to simulate remote attacks on BMW cars, indicating that the vulnerabilities were present within the system itself [71470].
Nature (Human/Non-human) non-human_actions (a) The software failure incident occurring due to non-human actions: The software failure incident in the BMW cars was due to non-human actions, specifically flaws in the car computer systems identified by a Chinese cyber-security lab. These flaws could potentially allow hackers to take partial control of affected vehicles through various means such as infected USB sticks, Bluetooth, and the vehicles' own data links [71470]. (b) The software failure incident occurring due to human actions: The article does not mention any software failure incident occurring due to human actions.
Dimension (Hardware/Software) hardware, software (a) The software failure incident related to hardware: - The article reports that BMW's car computer systems were found to contain 14 separate flaws, which could potentially allow hackers to take partial control of affected vehicles while in use [71470]. - The vulnerabilities were found in different parts of the cars' electronics, including the internet-connected infotainment systems, the telematics control unit, and the central gateway module [71470]. - One scenario described in the article involves a rogue mobile data transmitter exploiting vulnerabilities in the infotainment and telematics parts, potentially allowing attackers to create backdoors and inject diagnostic messages affecting the driver's control [71470]. (b) The software failure incident related to software: - The article mentions that BMW is working on fixes for the identified flaws in its car computer systems [71470]. - Keen Lab, the Chinese cyber-security lab that conducted the investigation, shared its findings with BMW to give them time to tackle the problems before revealing the full details in 2019 [71470]. - BMW has verified all the reported vulnerabilities and is advising its customers to watch out for software updates and other counter-measures from the company [71470].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident in the article is malicious in nature. The Chinese cyber-security lab, Keen Lab, identified 14 separate flaws in BMW's car computer systems that could potentially allow hackers to take partial control of affected vehicles. The vulnerabilities were found in various parts of the cars' electronics, including the internet-connected infotainment systems, the telematics control unit, and the central gateway module. The researchers demonstrated scenarios where remote attacks could be launched on BMW cars, exploiting vulnerabilities in the infotainment and telematics parts, potentially affecting the driver's control [71470].
Intent (Poor/Accidental Decisions) unknown (a) The intent of the software failure incident related to poor_decisions: - The software failure incident involving BMW cars containing more than a dozen flaws was not due to poor decisions but rather due to vulnerabilities identified by a Chinese cyber-security lab [71470]. - The vulnerabilities were found in various parts of the cars' electronics, including the internet-connected infotainment systems, the telematics control unit, and the central gateway module [71470]. - BMW is actively working on fixes for the identified flaws and advising customers to watch out for software updates and other counter-measures [71470].
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident related to development incompetence can be seen in the article where BMW's car computer systems were found to contain 14 separate flaws due to vulnerabilities in different parts of the cars' electronics [71470]. These flaws could potentially allow hackers to take partial control of affected vehicles, indicating a lack of professional competence in ensuring the security of the software systems. (b) The software failure incident related to accidental factors is evident in the article where Keen Lab, a division of Tencent, began its investigation in January 2017 and shared its findings with BMW just over a year later [71470]. This delay in identifying and addressing the vulnerabilities could be considered accidental, as it took time for the flaws to be discovered and reported to BMW for fixes.
Duration temporary The software failure incident reported in the article about BMW cars containing more than a dozen flaws can be categorized as a temporary failure. This is evident from the fact that the vulnerabilities were identified by Keen Lab, a Chinese cyber-security lab, and shared with BMW for fixes. BMW is actively working on addressing the flaws by developing software updates and other counter-measures to mitigate the risks posed by the identified vulnerabilities. The researchers are also holding back their full findings until 2019 to give BMW more time to tackle the problems, indicating that the software failure is not permanent but rather temporary and actively being addressed [71470].
Behaviour omission, value, other (a) crash: The software failure incident in the BMW cars was not described as a crash where the system loses state and does not perform any of its intended functions [71470]. (b) omission: The software flaws in the BMW cars allowed hackers to potentially take partial control of affected vehicles, indicating an omission in performing the intended functions securely [71470]. (c) timing: The timing of the software failure incident was not specifically mentioned in the articles [71470]. (d) value: The software failure incident in the BMW cars involved the system performing its intended functions incorrectly, leading to vulnerabilities that could be exploited by hackers [71470]. (e) byzantine: The software failure incident did not exhibit behaviors of inconsistent responses or interactions as described in a byzantine failure [71470]. (f) other: The software failure incident in the BMW cars involved vulnerabilities that could be exploited through various means such as infected USB sticks, Bluetooth, and the vehicles' own data links, showcasing a potential security breach beyond the typical definitions of software failure [71470].

IoT System Layer

Layer Option Rationale
Perception sensor, processing_unit, network_communication, embedded_software (a) sensor: The article mentions vulnerabilities found in the telematics control unit, which is responsible for tracking a vehicle's location. This could be considered part of the sensor system within the car's cyber physical system [71470]. (b) actuator: The article does not specifically mention any failures related to actuators in the cyber physical system. (c) processing_unit: The vulnerabilities identified in the BMW cars were related to the internet-connected infotainment systems, the telematics control unit, and the central gateway module. These components involve processing units within the cyber physical system of the vehicles [71470]. (d) network_communication: The vulnerabilities discovered by Keen Lab involved exploiting the cars' 3G/4G data links, Bluetooth connections, and other network communication channels to compromise the vehicles. This indicates a failure related to network communication within the cyber physical system [71470]. (e) embedded_software: The vulnerabilities found in the BMW cars were related to flaws in the car computer systems, including the infotainment systems, telematics control unit, and central gateway module. These systems rely on embedded software, making the failure incident related to embedded software errors [71470].
Communication link_level, connectivity_level The software failure incident reported in Article 71470 is related to the communication layer of the cyber physical system that failed at both the link_level and connectivity_level. 1. **Link Level**: The vulnerabilities identified in BMW cars by Keen Lab included ways to compromise the cars by plugging in infected USB sticks, as well as via contactless means including Bluetooth and the vehicles' own 3G/4G data links. This indicates that the failure was related to contributing factors introduced by the wired or wireless physical layer of communication [71470]. 2. **Connectivity Level**: Keen Lab found vulnerabilities in the internet-connected infotainment systems, telematics control unit, and central gateway module of the BMW cars. These vulnerabilities could potentially allow hackers to take partial control of affected vehicles remotely, exploiting weaknesses in the network or transport layer of communication. The scenario described by Keen Lab involved a rogue mobile data transmitter exploiting vulnerabilities in the infotainment and telematics parts, indicating a failure at the connectivity level of the cyber physical system [71470].
Application TRUE The software failure incident reported in the article [71470] was related to the application layer of the cyber physical system. The article mentions that BMW's car computer systems were found to contain 14 separate flaws, which could allow hackers to take partial control of affected vehicles. These flaws were identified in various parts of the cars' electronics, including the internet-connected infotainment systems, the telematics control unit, and the central gateway module. The vulnerabilities were exploited through methods such as infected USB sticks, Bluetooth, and the vehicles' own data links, indicating that the failure was indeed related to the application layer of the cyber physical system.

Other Details

Category Option Rationale
Consequence non-human, theoretical_consequence (a) death: People lost their lives due to the software failure - There is no mention of any deaths resulting from the software flaws found in BMW cars [71470]. (b) harm: People were physically harmed due to the software failure - The article does not mention any physical harm caused to individuals due to the software flaws in BMW cars [71470]. (c) basic: People's access to food or shelter was impacted because of the software failure - The article does not mention any impact on people's access to food or shelter due to the software flaws in BMW cars [71470]. (d) property: People's material goods, money, or data was impacted due to the software failure - The software flaws in BMW cars could potentially allow hackers to take partial control of affected vehicles, but there is no specific mention of people's material goods, money, or data being impacted [71470]. (e) delay: People had to postpone an activity due to the software failure - There is no mention of people having to postpone any activities due to the software flaws in BMW cars [71470]. (f) non-human: Non-human entities were impacted due to the software failure - The software flaws in BMW cars could potentially allow hackers to take partial control of the vehicles, impacting the functionality of the cars themselves [71470]. (g) no_consequence: There were no real observed consequences of the software failure - The software flaws in BMW cars were identified by researchers, and BMW is working on fixes to address the vulnerabilities. However, there is no mention of any real observed consequences resulting from these flaws [71470]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The article discusses the potential consequences of hackers taking partial control of affected BMW vehicles through the identified software flaws. However, there is no mention of these consequences actually occurring [71470]. (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - There are no other consequences mentioned in the article related to the software failure incident in BMW cars [71470].
Domain transportation (a) The software failure incident reported in the article is related to the automotive industry, specifically affecting BMW cars. The flaws identified in the car computer systems could potentially allow hackers to take partial control of the vehicles [71470].

Sources

Back to List