Disable the GSM modem

bmwperson · 02-07-2015, 02:35 PM

Hey folks,

In response to the recent Connectdrive vulnerability I decided it's just easier to disable GSM connectivity altogether. Does anybody know where the modem is located and what the easiest way of turning off that functionality is?

Thanks
Tom

timmahh · 02-07-2015, 05:09 PM

BMW patched the issue. It was a vulnerability discovered; not that someone was hacked.. no damage was done and it's been resolved. It seems easier to leave it as is, patched, vs. trying to figure out what component to remove without screwing up other systems.

Potentially the car has a sim card, but if not, you'd need to unplug whatever device it is that houses the GSM communications, which is probably integrated into the combox and part of the fiber network within the car. If you wish to remove this completely you'll need to locate the MOST block and remove it from the fiber ring so that nothing tries to communicate with it. Additionally there are various systems [bluetooth, me thinks] that will be looking for it and no longer function, and you'll need to code them all out, if that's even possible.

tl;dr leave it alone, it's fixed.

bmwperson · 02-07-2015, 05:31 PM

I don't know if it's patched or not, but anybody that uses the same symmetric keys across all the encryption device is an idiot. I assume the same people are responsible for that designed the rest of the system; it's just that nobody yet bothered to explore the that aspect of the system.

I simply don't care for the BMW services, the realtime traffic is crap, Navtech is absolute garbage, data access is slow. I'm simply disabling the services I don't use that would otherwise be open to any kid with a BTS station.

PS do you have any documentation as to what was patched?

timmahh · 02-07-2015, 09:31 PM

Here is a site with all of the info pertaining to the issue: http://www.heise.de/ct/artikel/Beeme...e-2540957.html

As for what they did, I believe they modified it so that instead of just going via HTTP, it now goes via HTTPS between their servers and the car itself.

"For its part, BMW says it hasn't seen any reports of compromises to vehicle security, and now it's using HTTPS to encrypt all data transmissions. Perhaps best of all? Owners of the 2.2 million affected vehicles didn't need to hit the dealership for this patch -- it was already delivered over the air. The update pushed automatically once the system connected to BMW's servers recently, but those who keep a car stored may want to hop in and hit the "Update Services" button. Good thing, because taking all three of your rides in for service (like they did in 2012 to fix a problem with the ODB port that thieves actually used to steal cars, and as of 2014 were still using on unpatched vehicles) would probably be kind of inconvenient."

squidlyboy · 02-07-2015, 11:27 PM

Quote:

Originally Posted by bmwperson

In response to the recent Connectdrive vulnerability I decided it's just easier to disable GSM connectivity altogether. Does anybody know where the modem is located ?

I don't know if this is what you are looking for, but i just happened to be working in my trunk tonight upgrading some audio equipment and i just happened to see a part that had on its label an IMEI identifier, when i came across your post. I looked up the part and it was the bluetooth module, but possibly BMW combined the cell radio along with the BT module in the same component?

02-07-2015, 02:35 PM	#1
bmwperson Second Lieutenant 29 Rep 209 Posts Drives: 4wheels Join Date: Dec 2013 Location: Pl iTrader: (0)	Disable the GSM modem Hey folks, In response to the recent Connectdrive vulnerability I decided it's just easier to disable GSM connectivity altogether. Does anybody know where the modem is located and what the easiest way of turning off that functionality is? Thanks Tom __________________ -- 1997 BMW M3 Single turbo 723whp GT42R 2000 BMW M5 - Daily 2014 BMW 335i xDrive 6spd loaded
	Appreciate 0 Tweet Quote

02-07-2015, 05:09 PM	#2
timmahh ghey 483 Rep 2,041 Posts Drives: Viertürigen Fahrzeugs Join Date: Oct 2010 Location: Southern California iTrader: (1)	BMW patched the issue. It was a vulnerability discovered; not that someone was hacked.. no damage was done and it's been resolved. It seems easier to leave it as is, patched, vs. trying to figure out what component to remove without screwing up other systems. Potentially the car has a sim card, but if not, you'd need to unplug whatever device it is that houses the GSM communications, which is probably integrated into the combox and part of the fiber network within the car. If you wish to remove this completely you'll need to locate the MOST block and remove it from the fiber ring so that nothing tries to communicate with it. Additionally there are various systems [bluetooth, me thinks] that will be looking for it and no longer function, and you'll need to code them all out, if that's even possible. tl;dr leave it alone, it's fixed. __________________ 21 G05 > 20 G05 > 17 G30 > 14 F30 > 08 E90
	Appreciate 0 Quote

02-07-2015, 05:31 PM	#3
bmwperson Second Lieutenant 29 Rep 209 Posts Drives: 4wheels Join Date: Dec 2013 Location: Pl iTrader: (0)	I don't know if it's patched or not, but anybody that uses the same symmetric keys across all the encryption device is an idiot. I assume the same people are responsible for that designed the rest of the system; it's just that nobody yet bothered to explore the that aspect of the system. I simply don't care for the BMW services, the realtime traffic is crap, Navtech is absolute garbage, data access is slow. I'm simply disabling the services I don't use that would otherwise be open to any kid with a BTS station. PS do you have any documentation as to what was patched? __________________ -- 1997 BMW M3 Single turbo 723whp GT42R 2000 BMW M5 - Daily 2014 BMW 335i xDrive 6spd loaded
	Appreciate 1 Quote

02-07-2015, 09:31 PM	#4
timmahh ghey 483 Rep 2,041 Posts Drives: Viertürigen Fahrzeugs Join Date: Oct 2010 Location: Southern California iTrader: (1)	Here is a site with all of the info pertaining to the issue: http://www.heise.de/ct/artikel/Beeme...e-2540957.html As for what they did, I believe they modified it so that instead of just going via HTTP, it now goes via HTTPS between their servers and the car itself. "For its part, BMW says it hasn't seen any reports of compromises to vehicle security, and now it's using HTTPS to encrypt all data transmissions. Perhaps best of all? Owners of the 2.2 million affected vehicles didn't need to hit the dealership for this patch -- it was already delivered over the air. The update pushed automatically once the system connected to BMW's servers recently, but those who keep a car stored may want to hop in and hit the "Update Services" button. Good thing, because taking all three of your rides in for service (like they did in 2012 to fix a problem with the ODB port that thieves actually used to steal cars, and as of 2014 were still using on unpatched vehicles) would probably be kind of inconvenient." __________________ 21 G05 > 20 G05 > 17 G30 > 14 F30 > 08 E90
	Appreciate 0 Quote