BMW Security Flaw Reminds Automakers That Cars Can Be Hacked

Feb 01, 2015 10:00 AM EST | Jordan Ecarma

Researchers recently spotted a security flaw in BMW vehicle software that could let hackers unlock the door and tap into the air conditioning controls for around 2.2 million vehicles.

BMW said today that it has since fixed the issue, which left certain Rolls-Royce, Mini and BMW vehicles vulnerable, Reuters reported. The automaker is not aware of any vehicles that have been hacked in connection with the problem.

The German auto association ADAC found the security risk in vehicles with ConnectedDrive software. The SIM cards used in the software help send data including locking and unlocking the door as well as traffic advisory information and air conditioning control.

"ADAC's security researchers were able to simulate the existence of a fake phone network, which BMW cars attempted to access, allowing hackers to manipulate functions activated by a SIM card," Reuters reported.

BMW updated the ConnectedDrive software automatically, encrypting data transmissions inside the car the same way a bank uses HTTPS to ensure secure transactions.

"The online capability of BMW Group ConnectedDrive allowed the gap to be closed quickly and safely in all vehicles," BMW said in a statement. "There was no need for vehicles to go to the workshop." 

As cars become increasingly connected, they are also becoming more of a security risk since they could potentially be hacked. Autonomous vehicles will pose an especial danger since they could--in theory--be taken over by criminals and used as weapons or even directed to take driver and passengers to places unknown.

Carmakers industry-wide have been promising self-driving vehicles by 2020; if they maintain that timeline, the quick pace of autonomous technology will make it even more imperative for them to build models that have secure software.  

"It's definitely going to happen," John Martin, senior vice president of manufacturing for Nissan North America, told Auto World News at an event that was part of the 2015 Washington Auto Show. "We've got tech now that we're testing on vehicles that will be in autonomous cars ... we've got all the elements in place."

Nissan is keeping privacy issues in mind when it comes to designing software, he said when asked about the risk of autonomous vehicles being hacked.

"We're already well aware of this," he told AutoWorldNews.

© 2017 Auto World News, All rights reserved. Do not reproduce without permission.
Get the Most Popular Autoworld Stories in a Weekly Newsletter

Join the Conversation

Real Time Analytics