Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Discovering BMW Car Systems: Getting Started

Since I love both (in)security and cars, it is not uncommon for me to mix those things on a regular basis. I am a very happy owner of a beautiful BMW F30 (chassis code) 320i 2013, so far, my second bimmer. This is a 2.0 turbo four-cylinder engine producing 184hp and 270Nm, it is quite a nice ride.

It is no surprise that newer cars use many electronic elements inside and my car is not an exception: there are two components that one could possibly take control of: the ECU (Engine Control Unit) and the BMWi Drive.

ECU(Engine Control Unit)

ECU is a common hardware on all cars and is being around for a long time. It controls all functions in the car including engine, interior, multimedia, and others. In this case, we can access it utilizing an OBDII>ETHERNET cable:

9415_58eb97b4-e467-4e6b-8693-26a44c296b71

Figure 1: OBDII > ETHERNET cable

The connection is hidden on the driver's side (despite the fact that this is not a secret at all to most, if not all car repair shops and smog-check stations):

10332_83bf4c87-73b9-44ca-bc57-b8f6c2a5a99e
Figure 2: OBDII port on the car

It provides a TCP/IP connection (establishing IPs for the car and the laptop) and with that one should be able to modify many parameters on the car, very risky but draws the most curious ones' attention. The application needed to establish this TCP/IP connection (E-Sys for F**chassis) is not free and neither easy to manipulate but can be done after some research.

iDrive

The iDrive on the other hand is a complete multimedia system that also includes Internet access. At this point things started to get interesting, the multimedia is able to connect using Bluetooth (IEEE 802.15.x) in conjunction with the personal access (é esse o nome em inglês?) from an iPhone for example.

To initiate the research it is necessary to setup an environment, in my case I have utilized an iPhone with 3G Internet connection, a computer and their blue tooth connections:

12684_f40290d0-ee9c-4097-944d-ce3363a2713b

Figure 3: Bluetooth connections

8696_358a8d4f-b91a-4e19-bd0e-51e79fd52e2b

Figure 4: Scanning iDrive ports

No ports opened, at least so far, I did not find any service that could be enabled and maybe exploited. My iDrive is not the most advanced, Internet access is only good for accessing RSS feeds and a weather website however in other versions of iDrive now found on BMW 335i, 5, 6 and 7series, it is possible to browser websites, access social networks, etc. hopefully another feature can be reached. The good news are that the extension for the usual iDrive (1 and 3 series) can be retrofitted.

This is a very simple blog post just to present the car's connections and indicating how anyone can get it started for testing. That is definitely avery extensive topic and demands a lot of study and research but very promising in the security field since many features were/are being developed to combine cellphones/computers and cars (Ex: Siri from iPhone).

I am planning on writing more about my experience with both ECU (E-Sys)and iDrive and how other hacks are being done by some performance vendors.

Latest SpiderLabs Blogs

Hunting For Integer Overflows In Web Servers

Allow me to set the scene and start proceedings off with a definition of an integer overflow, according to Wikipedia:

Read More

Welcome to Adventures in Cybersecurity: The Defender Series

I’m happy to say I’m done chasing Microsoft certifications (AZ104/AZ500/SC100), and as a result, I’ve had the time to put some effort into a blog series that hopefully will entertain and inform you...

Read More

Trustwave SpiderLabs: Insights and Solutions to Defend Educational Institutions Against Cyber Threats

Security teams responsible for defending educational institutions at higher education and primary school levels often find themselves facing harsh lessons from threat actors who exploit the numerous...

Read More