BMW Clears Software Hole for Cars

Wednesday, February 4, 2015 @ 01:02 PM gHale

BMW fixed a security flaw that allowed attackers to unlock the doors of up to 2.2 million Rolls-Royce, Mini and BMW vehicles.

German motorist association ADAC found the problem, which affected cars equipped with the company’s ConnectedDrive software using on-board SIM cards — the chips used to identify authorized users of mobile devices, BMW officials said.

RELATED STORIES
BMWs Hackable Via Smartphone
Car Hacking a Real Threat Today
Hacking a Car Comes Alive
Self-Powered Keyboard Adds Security

BMW drivers can use the software and SIM cards to activate door locking mechanisms, as well as a range of other services including real-time traffic information, online entertainment and air conditioning.

The security risk occurred when data transmitted, BMW said. The automaker did say the vulnerability did not impede the car’s critical functions of driving, steering or braking.

BMW said it was not aware of any cases there was a compromise security of vehicle security.

Hacking into cars is not new as researchers have shown the relative ease in which a dedicated hacker could get into a car and, in some cases, take control.

One danger, security researchers have said, is once there is a breach in external security an attacker gains full access to onboard vehicle computer systems which manage everything from engines and brakes to air conditioning.

ADAC’s security researchers were able to simulate the existence of a fake phone network, which BMW cars attempted to access, allowing hackers to manipulate functions activated by a SIM card.

BMW said it had taken steps to eliminate possible breaches by encrypting the communications inside the car using the same HTTPS (Hypertext Transfer Protocol Secure) standard used in Web browsers for secure transactions such as ecommerce or banking.

BMW said it was able to update its ConnectedDrive software automatically, when the vehicle connects up to the BMW Group server or the driver calls up the service configuration manually.

“The online capability of BMW Group ConnectedDrive allowed the gap to be closed quickly and safely in all vehicles,” BMW said. “There was no need for vehicles to go to the workshop.”



Leave a Reply

You must be logged in to post a comment.