Jump to content

Bmw Patches E-Goof That Left 2.2M Cars At Risk


kakatiya

Recommended Posts

bmw-connecteddrive-820x420.jpg

 

BMW has remotely patched a security flaw which, if exploited, could have handed over the digital keys to as many as 2.2m BMW, Rolls-Royce, and MINI cars to thieves. The hack, identified by a German motorist association, involved models fitted with BMW's ConnectedDrive infotainment system, which uses a mobile data connection to offer drivers locking control when they're away from the vehicle, in addition to downloading content to the dashboard when they're behind the wheel. BMW says that it's now using the same sort of HTTPS encryption that banks rely upon.

 

Exact details of the hack have not been shared by ADAC, the German organization that identified the issue. However, it said that it had been able to unlock a car with the unpatched ConnectedDrive system via a cellphone from outside the vehicle, in just a matter of minutes.

BMW's response has been to push out an OTA update which patches the exploit and moves the system to HTTPS, which was already being used by other connected services in its vehicles.

That means the car can now confirm that the server it is talking to is, indeed, one of BMW's, rather than something nefarious.

While it's embarrassing, BMW insists that as "no cases have come to light yet in which data has been called up actively by unauthorized persons from outside or an attempt of this kind is made in the first place" the problem was nonetheless a minor one.

Affected models should update automatically when they perform a regularly-scheduled ping of the server for the latest software. Alternatively, owners can trigger an update manually, by heading into the settings and hitting the update button.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...