02-05-2015, 06:08 PM | #1 |
Captain
Connected Drive system is vulnerable to hacker attack
FYI
http://www.msn.com/en-us/autos/news/...ack/ar-AA9238c

Hackers have found a way to use BMW’s Connected Drive system to remotely unlock car doors, according to PCWorld. The website quotes Dave Buchko, a BMW spokesman, saying that the perpetrators were able to “reverse engineer some of the software that we use for our telematics . . . and they were able to mimic the BMW server.” The glitch was first discovered by the German Automobile Association (ADAC).

The PCWorld article reports that BMW is beaming “software patches to the 2.2 million cars equipped with Connected Drive and said it hadn’t come across any cases in which the vulnerability had been used to unlock or attempt to unlock its cars.” Buchko went on to say that U.S. customers will start getting the patch beginning from next week.

PCWorld says that the fix “adds HTTPS encryption to the connection from BMW to the car, which runs over the public cellular network. The added encryption will not only safeguard the content of the messages but also ensures that the car only accepts connections from a server with the correct security certificate.”

This issue brings to light the possible downside of remote locking/unlocking services from various manufacturers: vulnerability to creative hackers to get in your car. The BMW breach comes on the heels of the massive data breach that hit health insurance company Anthem.
02-05-2015, 06:37 PM | #2 |
Fool
The issue is only with the connection between the car and the BMW servers. Yes, it should have been encrypted from the start, but the chances of interception happening either on the cellular network or on the network between the carrier and BMW are slim. So slim in fact that no compromise actually occurred. I can only assume that whoever wrote the system that communicates to the BMW network hadn't considered that one day it might be possible to fake a GSM cell using circa £2K worth of kit. Seeing as the service has been around for about 10 years, I would imagine that it wasn't feasibly possible to fake a GSM cell and so wasn't a problem. These days, of course it is, and it got forgot about. FWIW, the comms between BMW and your phone for the remote app IS encrypted over HTTPS.
02-06-2015, 01:54 PM | #3 |
ghey
MSN is a little late to report on this;
http://f30.bimmerpost.com/forums/sho....php?t=1085588 1/30/15.
BMW already resolved it as I understand.