BMW Fixes Flaw risking 2.2 Million Cars to Break-In

Uploaded on 2015-02-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Manufacturing

German luxury carmaker BMW has fixed a security flaw that could have allowed hackers to unlock the doors of up to 2.2 million Rolls-Royce, Mini and BMW vehicles.

BMW said officials at German motorist association ADAC had identified the problem, which affected cars equipped with the company's ConnectedDrive software using on-board SIM cards -- the chips used to identify authorised users of mobile devices. BMW drivers can use the software and SIM cards to activate door locking mechanisms, as well as a range of other services including real-time traffic information, online entertainment and air conditioning.

The security risk occurred when data was transmitted, BMW said, adding it did not impede the car's critical functions of driving, steering or braking. BMW said it was not aware of any examples where the data had been used to compromise the security of a vehicle.

In recent years, cyber-security experts have criticised the automotive industry for failing to do more to secure internal communications of vehicles with network-connected features.

In a similar story it is said that hackers could take control of vehicles after a BlueTooth dongle used by insurance companies to track drivers' habits was compromised, it has been claimed.

Two million American drivers use one of the devices from Progressive Insurance, which collects vehicle location and speed records.

Security researcher Corey Theun said he discovered that the firmware running on the dongle was "minimal and insecure".

He told Forbes: "It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies ... basically it uses no security technologies whatsoever."

Mr. Thuen said that an attack on the adjacent modem was possible, and an attack on the insurance company's servers could allow a potentially deadly takeover of the car's acceleration and braking.

http://gadgets.ndtv.com/others/news/bmw-fixes-software-flaw

http://news.sky.com/story/1410523/dongle-hackers-could-take-control-of-car-brakes

« France's Online War Has A New Cyber Security Cell
NSA Surveillance Software Infecting Thousands of Computers Worldwide »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Ripjar

Ripjar

Ripjar is a global company of talented technologists, data scientists and analysts designing products that will change the way criminal activities are detected and prevented.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

Black Kite

Black Kite

Black Kite (formerly NormShield) provides comprehensive Security-as-a-Service solutions focused on cyber threat intelligence, vulnerability management and continuous perimeter monitoring.

Cybersixgill

Cybersixgill

Cybersixgill was founded with a single mission: to protect organizations against malicious cyber attacks that come from the deep and dark web, before they materialize.

HYPR

HYPR

HYPR Decentralized Authentication minimizes the risk of enterprise data breaches while providing an enhanced user experience for your customers and employees.

Forensic Pathways

Forensic Pathways

Forensic Pathways focus on the provision of digital forensic technologies, offering clients unique technologies in the management of mobile phone data, image analysis and ballistics analysis.

Consensys

Consensys

ConsenSys is a global blockchain company. We develop enterprise applications, invest in startups, build developer tools, and offer blockchain education.

DarkOwl

DarkOwl

DarkOwl provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data.

ITsMine

ITsMine

ITsMine’s Beyond DLP solution is a leading Data Loss Prevention solution used by organizations to protect against internal and external threats automatically.

Boeing

Boeing

Boeing is the world's largest aerospace company and leading manufacturer of commercial jetliners, defense, space and security systems.

Singtel Innov8

Singtel Innov8

Singtel Innov8, the venture capital arm of the Singtel Group, invests in and partners with innovative technology start-ups globally.

Inversion6

Inversion6

Inversion6 (formerly MRK Technologies) is a cybersecurity risk management provider that offers custom security solutions.

BluSapphire

BluSapphire

BluSapphire is an industry-first, purpose-built, cloud-native, Hybrid XDR platform powered by AI and big data analytics.

Positiwise Software Pvt Ltd

Positiwise Software Pvt Ltd

Positiwise Software offers end-to-end software development solutions to accelerate the digital growth of businesses.

Ampsight

Ampsight

Ampsight specializes in enabling cloud integration, securing data, and navigating complications that drive critical-mission success.

Loccus AI

Loccus AI

Loccus are developers of AI solutions in the voice safety space. We build identity verification solutions, deepfake detection systems and fraud protection products for companies and end-users.