The German automaker BMW fixes a security flaw for its vehicles benefiting from the Connected Drive system. A flaw could indeed allow malicious hackers to gain unauthorized access to open the doors of the cars.
BMW Connected Drive in the control system used in many models can be cracked within a few minutes to lift lock, steal digital key control of the vehicle. BMW is now announced for its 2.2 million wheelbase BMW models, Rolls-Royce and MINI models offer remote upgrade patch to fix the flaw, the upgraded system will serve BMW via HTTPS encryption protocol, greatly enhance security.
It will probably be necessary to regularly apply security patches to your car. Witness this “patch” that just pushed BMW to all users of its Connected Drive services, including software that allows remote access to certain features of its vehicles via their smart phone. A flaw identified by the ADAC, a German automobile federation could indeed allow malicious hackers to gain unauthorized access to features available in theory to the vehicle owner. They would have particular use to… open the doors at will.
The danger, they say, is that once external security is breached, hackers can have free rein to access onboard vehicle computer systems which manage everything from engines and brakes to air conditioning.
This vulnerability is apparently concerned that cars equipped with SIM cards, which is all the same, according to Reuters, 2.2 million more luxurious vehicles: BMW, but also Mini and Rolls-Royce!
BMW insists there is still no problem because the car was stolen right of control “case occurred,” allegedly involved in related models will be connected to the server automatically after updating to The latest version of the software.
A Man in the Middle Attack
To exploit, ADAC’s safe researchers have launched a “man in the middle” attack by creating a fake GSM network, which is connected to the car instead of the real network. Therefore, they had access to functions accessible remotely. A technique which, fortunately, is not within the reach of anybody.
BMW says they have never had wind pirates took advantage of this loophole. Phew, customers do not need to go to the garage to apply this patch. It was pushed automatically when the vehicle is connected to the company’s servers.