G20 BMW 3-Series Forum - View Single Post

Rux · 01-10-2021, 10:28 PM

My comments on this subject are for entertainment and my own curiosity.

I do not work in the automotive industry so I must rely on the experts who do to fill in some of the gaps for me.

I was at a DEFCON, when things used to be normal, where OTA, specifically the BMW OTA exploit CVE-2018-9322, was referenced.

It is clear that an update does not need to be downloaded or approved for install by the user. That is clear as the above stated exploit was patched OTA by BMW.

Isn't it possible that BMW could OTA determine if a DME was unlocked and if so, lock it remotely?

There are a ton of attack surfaces that connected vehicles have (GSM, HTTP, NGTP etc). If you learned what type of encryption the OTAs used (asymmetric I assume) wouldn't it be possible to spoof an update with the parameters chosen by the user?

I am sorry if this has been asked before.

01-10-2021, 10:28 PM	#50
Rux Captain 644 Rep 615 Posts Drives: Little of this, little of that Join Date: Dec 2020 Location: Boston,MA/FL/NH iTrader: (0) Garage List 2024 BMW G42 [0.00] 2022 BMW G82 [0.00]	My comments on this subject are for entertainment and my own curiosity. I do not work in the automotive industry so I must rely on the experts who do to fill in some of the gaps for me. I was at a DEFCON, when things used to be normal, where OTA, specifically the BMW OTA exploit CVE-2018-9322, was referenced. It is clear that an update does not need to be downloaded or approved for install by the user. That is clear as the above stated exploit was patched OTA by BMW. Isn't it possible that BMW could OTA determine if a DME was unlocked and if so, lock it remotely? There are a ton of attack surfaces that connected vehicles have (GSM, HTTP, NGTP etc). If you learned what type of encryption the OTAs used (asymmetric I assume) wouldn't it be possible to spoof an update with the parameters chosen by the user? I am sorry if this has been asked before.
	Appreciate 0 Quote