BMW fix ConnectedDrive security flaw
By Kyle Linsay
Wednesday, February 4, 2015 - 14:00
Dat driving face
BMW has patched a security flaw had left 2.2 million vehicles open to hackers.
The flaw affected models – including MINI and Rolls Royce – which are fitted with BMW’s ConnectedDrive software which uses an on-board Sim card.
There were no documented cases of hacking but the flaw, identified by the ADAC, revealed that door locks, air conditioning and traffic updates were all controlled by the software
ADAC’s researchers found the cars would try to communicate via a spoofed phone network, leaving potential hackers able to control anything activated by the Sim.
The patch, which can be applied automatically, included making data from the car encrypted via HTTPS – the same security commonly used for online banking and retail.
“On the one hand, data are encrypted with the HTTPS protocol, and on the other hand, the identity of the BMW Group server is checked by the vehicle before data are transmitted over the mobile phone network,” BMW said in a statement last week.
If you are worried that your vehicle may not have received the update you should manually choose ‘Update Services’ from your car’s menu.