https://wccftech.com/tencent-researchers-security-flaws-bmw/

Chinese security researchers have discovered several security vulnerabilities in BMW cars, including some remotely exploitable vulnerabilities. Keen Security Lab, the cybersecurity unit of Tencent, reported 14 vulnerabilities that impact the infotainment system, the TCU, and the central gateway module.

While the published paper (24 pages!) lacks some technical details that would be shared next year after these bugs have been fixed, researchers noted that some of the flaws can be exploited to execute arbitrary code and take complete control of the affected component. Researchers said that they gained entry using the vehicle’s infotainment and telematics systems. By combining these 14 security holes, they were able to escalate their access to the car’s inner CAN bus that interconnects all the car components and functions.