A team of three security researchers has found and disclosed two security flaws in the TCU (telematics control unit) components that ship with various luxury car models.
TCUs are 2G modems that receive or send data from a car's internal system and are used as an interface between the car and remote management tools such as web panels and mobile apps.
The researchers found the flaws in TCUs manufactured by Continental AG, and more specifically in TCUs that use the S-Gold 2 (PMB 8876) cellular baseband chipset.
[...] The two flaws are a buffer overflow in the TCU's component that processes AT commands (CVE-2017-9647), and a flaw that allows attackers to execute code via one of the TCU's inner components (baseband radio processor) (CVE-2017-9633).
An attacker would need physical access to a car's[sic] to exploit the first flaw, while the second can be exploited from remote locations. Proof-of-concept (PoC) exploit code is available online for both flaws.
(Score: 2) by c0lo on Wednesday August 02 2017, @07:01AM
Continental AG, eh?
Should have commissioned that software to Bosch, they've showed [dw.com] that when they are doing a job, it's damn'd well executed (works flawlessly as intended).
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford