BMW Fixes Flaw risking 2.2 Million Cars to Break-In

Uploaded on 2015-02-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Manufacturing

German luxury carmaker BMW has fixed a security flaw that could have allowed hackers to unlock the doors of up to 2.2 million Rolls-Royce, Mini and BMW vehicles.

BMW said officials at German motorist association ADAC had identified the problem, which affected cars equipped with the company's ConnectedDrive software using on-board SIM cards -- the chips used to identify authorised users of mobile devices. BMW drivers can use the software and SIM cards to activate door locking mechanisms, as well as a range of other services including real-time traffic information, online entertainment and air conditioning.

The security risk occurred when data was transmitted, BMW said, adding it did not impede the car's critical functions of driving, steering or braking. BMW said it was not aware of any examples where the data had been used to compromise the security of a vehicle.

In recent years, cyber-security experts have criticised the automotive industry for failing to do more to secure internal communications of vehicles with network-connected features.

In a similar story it is said that hackers could take control of vehicles after a BlueTooth dongle used by insurance companies to track drivers' habits was compromised, it has been claimed.

Two million American drivers use one of the devices from Progressive Insurance, which collects vehicle location and speed records.

Security researcher Corey Theun said he discovered that the firmware running on the dongle was "minimal and insecure".

He told Forbes: "It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies ... basically it uses no security technologies whatsoever."

Mr. Thuen said that an attack on the adjacent modem was possible, and an attack on the insurance company's servers could allow a potentially deadly takeover of the car's acceleration and braking.

http://gadgets.ndtv.com/others/news/bmw-fixes-software-flaw

http://news.sky.com/story/1410523/dongle-hackers-could-take-control-of-car-brakes

« France's Online War Has A New Cyber Security Cell
NSA Surveillance Software Infecting Thousands of Computers Worldwide »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

RedTeam Security

RedTeam Security

RedTeam Security is a provider of Penetration Testing, Social Engineering, Red Teaming and Red Team Training services.

GigaOm

GigaOm

GigaOm's mission is to provide enterprises with information and analysis to help them make better decisions about technology.

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

KeepSolid

KeepSolid

KeepSolid is a Virtual Private Network services provider offering secure encrypted access to the internet.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

Vention

Vention

Vention (formerly iTechArt) is the partner of forward-thinking tech leaders around the globe.

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

NANDoff Data Recovery

NANDoff Data Recovery

NANDoff is a flat rate data recovery service. We serve the electronics industry around the globe 24/7.

HEROIC Cybersecurity

HEROIC Cybersecurity

HEROIC’s enterprise cybersecurity services help improve overall organizational security with industry best practices and advanced technology solutions.

Keytos

Keytos

Keytos has revolutionized the Identity Management and PKI industry by creating cryptographic tools that allow you to go password-less by making security transparent to the user.

FusionAuth

FusionAuth

FusionAuth is the customer authentication and authorization platform that makes developers' lives awesome.

Panoptic Cyber

Panoptic Cyber

Panoptic Cyber are a team of elite Armed Forces Veterans who hold a wealth of experience in Information Security, Cyber Security, Data Protection and Risk Management.

Cyberscope

Cyberscope

Cyberscope is a Web3 security firm specializing in smart contract audits, crypto security audits, and blockchain vulnerability assessments.

National Protective Security Authority (NPSA) - UK

National Protective Security Authority (NPSA) - UK

NPSA is part of MI5 and is the National Technical Authority for physical and personnel protective security. By making the UK more resilient to national security threats, we help to make the UK safe.