BMW Fixes Security Flaw

BMW has patched a security flaw that left 2.2 million cars open to hackers.

The flaw affected models fitted with BMW's ConnectedDrive software, which included Rolls Royce and Minis.

The software uses an on-board Sim card which operates door locks, air conditioning and traffic updates.

The flaw was identified by German motorist association ADAC; however, no cars have actually been hacked.

The researchers at ADAC found the cars would try to communicate via a spoofed phone network, leaving potential phone hackers able to control anything activated by the Sim.

The patch involved encrypting data from the car via HTTPS - the same security commonly used for online banking.

In a statement, BMW said: "On the one hand, data is encrypted with the HTTPS protocol, and on the other hand, the identity of the BMW Group server is checked by the vehicle before data is transmitted over the mobile phone network."

Security expert Graham Cluely said: "You would probably have hoped that BMW's engineers would have thought about [using HTTPS] in the first place.

"If you are worried that your vehicle may not have received the update (perhaps because it has been parked in an underground car park or other places without a mobile phone signal, or if its starter battery has been disconnected) then you should choose "Update Services" from your car's menu."

print this article

Return to internet news headlines
View Internet News Archive

Share with: