First-ever BMW Group Digitalization and IT Research Award goes to Tencent Keen Security Lab for their connectivity and cybersecurity research. The two companies plan to expand their cooperation and joint research work.

The award

The BMW Group has been an early driver of the digital transformation
in the automotive industry, always intent on meeting the continuously
changing needs of its customers. With regards to digital
transformation, both the BMW Group and the entire automotive industry
stand to benefit from the ongoing research in computer engineering.
The award honors pioneering research in software development and
information technology, specifically in artificial intelligence, big
data, internet of things, cybersecurity, connectivity and autonomous driving.

Connectivity and cybersecurity

With BMW ConnectedDrive, the BMW Group has been the leading automaker
in intelligent connectivity for 20 years. The expansion of
connectivity and services, together with automated driving and
e-mobility, is among the key areas of activity the BMW Group has
defined in its Strategy NUMBER ONE NEXT with the aim of driving
the transformation. More than ten million connected cars have already
been put on the road worldwide. The increasing lineup of connectivity
services and features ranges from real-time traffic information,
hazard warnings and emergency call systems to the integration of apps
and remote services connected to mobile or smart home devices.
Security and privacy are two key elements in the BMW Group’s product
development process, driving connectivity within and beyond the
vehicle. Along with increasing functionality and rapid technological
progress in vehicle development, electronics and consumer devices, the
complexity of the overall system also increases. In response to what
has become a race between technological progress and new, presently
unknown attack scenarios, the BMW Group has launched a comprehensive
cybersecurity action plan, which includes tests conducted both
internally by the BMW Group and with the help of independent
institutions. Third parties increasingly play a crucial role in
improving automotive security as they conduct their own in-depth tests
of products and services.

Tencent Keen Security Lab

Keen Security Lab, a professional security research lab under Tencent
Holdings Limited, is a globally renowned and respected security
research team whose highly specialized researchers have more than ten
years of experience in cybersecurity for PCs and mobile devices.
Tencent Keen Security Lab is actively involved in internal research
and the development of security enhancement recommendations for the
portfolio of online services, including social, payment, games and
cloud, provided by its parent company, Tencent Group. Keen Security
Lab believes transparency, sharing and industry cooperation are
essential to foster a safe and secure world as the Internet becomes
increasingly ubiquitous and entrenched in our everyday lives.

In recent years, Tencent Keen Security Lab expanded capabilities in
new research areas including connected/intelligent cars, IoT products,
cloud computing and virtualization, as well as AI. A major research
focus of Tencent Keen Security Lab is automotive security, a field in
which the company has partnered up with leading players. The company
supports the advancement of security features of intelligent connected
cars by publishing substantial research and supporting automakers in
technological and technical development matters. Tencent Keen Security
Lab believes its research objective and results will be beneficial to
improving road safety for hundreds of millions of drivers, passengers
and pedestrians in many countries.

“We want to contribute our comprehensive expertise and in-depth
understanding of vehicle technologies to improving the development
processes and security guidelines in the automotive industry,
providing a shared benefit for OEMs and customers,” states Sen Nie,
Lead Researcher of Vehicle and IoT Security Research.

The award-winning research

Between January 2017 and February 2018, Tencent Keen Security Lab
experts conducted comprehensive tests with various BMW models. In
doing so, they focused on head unit and T-Box components of different
generations. “BMW belongs to the top 5% in automotive IT-security,
which made it a highly challenging task for our sophisticated team,”
says Samuel Lv, Director of Tencent Keen Security Lab. After 13 months
the team of researchers informed the BMW Group about their
comprehensive findings on 14 different vulnerabilities directly
(Responsible Disclosure). Nine of the attack scenarios required a
physical connection in the car or a location in the direct vicinity of
the vehicle. Five attack scenarios were based on a remote connection
using the mobile telephone network. After gaining access to the head
unit and T-box components, Tencent Keen Security Lab executed
specifically developed exploits and in this way was able to gain
control of the CAN buses to trigger arbitrary, unauthorized diagnostic
vehicle functions remotely. The tests were always run in a controlled
environment on the premises of Tencent Keen Security Lab. Identifying,
preparing and implementing attack scenarios via mobile network
requires comprehensive expertise. Tencent Keen Security Lab team
managed to implement these complex and sophisticated exploit chains.
The BMW Group is convinced that the study presented constitutes by far
the most comprehensive and complex testing ever conducted on BMW Group
vehicles by a third party. 

Promptly after the internal verification of the findings, the BMW
Group’s Automotive Security Team contacted Tencent Keen Security Lab
to confirm the findings and started developing measures. Subsequently,
these upgrades were rolled out in the BMW Group backend and uploaded
to the telematics control units via over the air connection. The BMW
Group develops additional software updates, which as usual will be
made available for customers at BMW dealerships. With the
collaboration of the two parties, the security updates developed by
BMW Group improve the security level of BMW’s products and services
for the customers’ benefit.

For this outstanding research work, Tencent Keen Security Lab has
been selected as the first winner of the BMW Group Digitalization and
IT Research Award. “With this award we want to honor the experts who
support us in the transformation towards digitalized mobility,”
explained Christoph Grote, Senior Vice President Electronics BMW
Group, when he presented the award to the research team of Tencent
Keen Security Lab at BMW Group China’s offices in Beijing. “We thank
Tencent Keen Security Lab for their tremendous effort, their
sophisticated research and the highly professional collaboration.”
Tencent Keen Security Lab will make a summary of the research findings
available. A joint technical report detailing the vulnerabilities,
exploit chains and implemented measures will be published by the two
parties next year.

Future cooperation

In an increasingly digitalized and connected world, security is key.
The merging of interfaces between different consumer devices, as well
as between devices and their surroundings, generates new advantages
for customers and even significant benefits for society. At the same
time, however, these interfaces open up the potential of access and
manipulation for illegal malicious attacks. Based on the successful
cooperation, Tencent Keen Security Lab and the BMW Group are
discussing options for joint in-depth research and development
activities. Talks on the design of a future cooperation were held at
the award ceremony. The joint research will focus on the security of
Android embedded systems, and on autonomous driving security and
testing. Additionally, consulting services on security in over-the-air
software update mechanisms are within the scope of future collaboration.

 

Link: Tencent
Keen Security Lab research paper

 

In the event of enquiries please contact:

 

Mathias Urban, Media Relations Manager Digital Vehicle and Electronics

BMW Group Innovation and Design Communications

Tel.: +49-89-382-33399, Email: Mathias.Urban@bmwgroup.com  

 

Benjamin Titz, Head of Innovation and Design Communications

BMW Group Innovation and Design Communications

Tel.: + 49-89-382-22998

 

E-mail: presse@bmw.de

 

For enquiries in regards to Tencent Keen Security Lab, please contact:

 

Irene Fung, Weber ShandWick
+852-97070805, ifung@webershandwick.com

 

Alice Ye, Tencent
+86-755-86013388-77055, gc@tencent.com

 

Catherine Chan, Tencent
+86-755-86013388-88369, gc@tencent.com