A group of three security researchers has discovered and published two security vulnerabilities in the TCU (telematics control unit) components that are installed on various car models manufactured by BMW, Ford, Infiniti, and Nissan.
The TCUs are 2G modems that are used by modern cars to transfer data from a car’s internal system and are used as an interface between the car and remote management tools such as web panels and mobile apps.
The two issues are a buffer overflow in the TCU’s element that processes AT commands (CVE-2017-9647), and another bug that enables attackers to execute code via one of the TCU’s inner components (baseband radio processor) (CVE-2017-9633).
The following car uses vulnerable TCUs:
– BMW several models produced between 2009-2010
– Ford – program to update 2G modems has been active since 2016 and impact is restricted to the limited number of P-HEV vehicles equipped with this older technology that remain in service.
– Infiniti 2013 JX35
– Infiniti 2014-2016 QX60
– Infiniti 2014-2016 QX60 Hybrid
– Infiniti 2014-2015 QX50
– Infiniti 2014-2015 QX50 Hybrid
– Infiniti 2013 M37/M56
– Infiniti 2014-2016 Q70
– Infiniti 2014-2016 Q70L
– Infiniti 2015-2016 Q70 Hybrid
– Infiniti 2013 QX56
– Infiniti 2014-2016 QX 80
– Nissan 2011-2015 Leaf
Nissan said that it will disable the 2G modems (TCUs) for all affected clients for free in one of its services. Same thing for Infiniti cars, while BMW “will be offering a service measure to affected customers.”