BMW Fixes Security Flaw In Connected Cars

Published on 9th Feb 2015

BMW has reconfigured its connected cars after reports that hackers were able to unlock the doors of the vehicles using their smartphones.

German motorists’ association ADAC revealed that the cars would try to communicate via a spoofed phone network, allowing potential hackers to control anything activated by the SIM card.

BMW’s ConnectedDrive technology connects 2.2 million BMW, Mini and Rolls-Royce models. It uses a SIM card installed in the car to connect to a smartphone app over the internet, allowing the owner to remotely switch on the heating or air conditioning, and lock or unlock the car.

According to BMW, the ADAC researchers had “reverse engineered some of the software that we use for our telematics. With that they were able to mimic the BMW server.” In response, the manufacturer has increased the security of data transmission in its vehicles.

BMW has issued an over-the-air software update to patch the security flaw, adding HTTPS encryption to the connection between the vehicles and BMW’s server — security which it said is also used for online banking and was already available for BMW Internet, a service that allows passengers to go online via smartphone while in the car.

Now, data is encrypted with the HTTPS protocol and the identity of the BMW Group server is also checked by the vehicle before any data is sent over the mobile network.

The car maker said that it is not aware of any cases where the hack had been used maliciously.

Research firm Gartner predicted recently that about one in five vehicles on the road will have some form of wireless network connection by 2020 – amounting to more than 250 million connected vehicles across the globe.

But with connected cars facing the threat of hacking and malware, security experts believe car manufacturers need to do more to ensure their connected vehicle technology is completely secure.

Simon Spooner, Head of Automotive at Osborne Clarke commented “Cyber security is an area of real focus for the car industry and is one of the key questions that consumers have about connected cars.”

Follow
Interested in hearing more from Osborne Clarke?
Register now for more insights, news and events from across Osborne Clarke
Sign up
Related articles
Round-up of thoughts from Osborne Clarke's connected car event
23/03/2015 1 mins
Ford Joins UK Autonomous Cars Project
18/02/2015 1 mins
The future of driverless cars: Osborne Clarke's thoughts on today’s government review
11/02/2015 2 mins

* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.

Interested in hearing more from Osborne Clarke?
Register now for more insights, news and events from across Osborne Clarke
Sign up