F30POST
2012-2015 BMW 3-Series and 4-Series Forum
      02-05-2015, 06:08 PM   #1
kent11202

Connected Drive system is vulnerable to hacker attack

FYI

http://www.msn.com/en-us/autos/news/...ack/ar-AA9238c

Hackers have found a way to use BMW’s Connected Drive system to remotely unlock car doors, according to PCWorld. The website quotes Dave Buchko, a BMW spokesman, saying that the perpetrators were able to “reverse engineer some of the software that we use for our telematics . . . and they were able to mimic the BMW server.” The glitch was first discovered by the German Automobile Association (ADAC).

The PCWorld article reports that BMW is beaming “software patches to the 2.2 million cars equipped with Connected Drive and said it hadn’t come across any cases in which the vulnerability had been used to unlock or attempt to unlock its cars.”

Buchko went on to say that U.S. customers will start getting the patch beginning from next week.

PCWorld says that the fix “adds HTTPS encryption to the connection from BMW to the car, which runs over the public cellular network. The added encryption will not only safeguard the content of the messages but also ensures that the car only accepts connections from a server with the correct security certificate.”

This issue brings to light the possible downside of remote locking/unlocking services from various manufacturers: vulnerability to creative hackers to get in your car.

The BMW breach comes on the heels of the massive data breach that hit health insurance company Anthem.
      02-05-2015, 06:37 PM   #2
Daftasabrush

The issue is only with the connection between the car and the BMW servers. Yes, it should have been encrypted from the start, but the chances of interception happening either on the cellular network or on the network between the carrier and BMW are slim. So slim in fact that no compromise actually occurred. I can only assume that whoever wrote the system that communicates to the BMW network hadn't considered that one day it might be possible to fake a GSM cell using circa £2K worth of kit. Seeing as the service has been around for about 10 years, I would imagine that it wasn't feasibly possible to fake a GSM cell and so wasn't a problem. These days, of course it is, and it got forgotten about. FWIW, the comms between BMW and your phone for the remote app IS encrypted over HTTPS.
      02-06-2015, 01:54 PM   #3
timmahh

MSN is a little late to report on this:

http://f30.bimmerpost.com/forums/sho....php?t=1085588

1/30/15. BMW already resolved it as I understand.
__________________
21 G05 > 20 G05 > 17 G30 > 14 F30 > 08 E90
All times are GMT -5.