BMW Fixes Flaw risking 2.2 Million Cars to Break-In

Uploaded on 2015-02-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Manufacturing

German luxury carmaker BMW has fixed a security flaw that could have allowed hackers to unlock the doors of up to 2.2 million Rolls-Royce, Mini and BMW vehicles.

BMW said officials at German motorist association ADAC had identified the problem, which affected cars equipped with the company's ConnectedDrive software using on-board SIM cards -- the chips used to identify authorised users of mobile devices. BMW drivers can use the software and SIM cards to activate door locking mechanisms, as well as a range of other services including real-time traffic information, online entertainment and air conditioning.

The security risk occurred when data was transmitted, BMW said, adding it did not impede the car's critical functions of driving, steering or braking. BMW said it was not aware of any examples where the data had been used to compromise the security of a vehicle.

In recent years, cyber-security experts have criticised the automotive industry for failing to do more to secure internal communications of vehicles with network-connected features.

In a similar story it is said that hackers could take control of vehicles after a BlueTooth dongle used by insurance companies to track drivers' habits was compromised, it has been claimed.

Two million American drivers use one of the devices from Progressive Insurance, which collects vehicle location and speed records.

Security researcher Corey Theun said he discovered that the firmware running on the dongle was "minimal and insecure".

He told Forbes: "It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies ... basically it uses no security technologies whatsoever."

Mr. Thuen said that an attack on the adjacent modem was possible, and an attack on the insurance company's servers could allow a potentially deadly takeover of the car's acceleration and braking.

http://gadgets.ndtv.com/others/news/bmw-fixes-software-flaw

http://news.sky.com/story/1410523/dongle-hackers-could-take-control-of-car-brakes

« France's Online War Has A New Cyber Security Cell
NSA Surveillance Software Infecting Thousands of Computers Worldwide »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

CANVAS Consortium

CANVAS Consortium

The CANVAS Consortium aims to unify technology developers with legal and ethical scholar and social scientists to approach the challenges of cybersecurity.

Cog Systems

Cog Systems

Cog Systems offer an embedded solution built on modularity, proactive security, trustworthiness, and adaptability to enable highly secure connected devices.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

Exeon Analytics

Exeon Analytics

Exeon Analytics is a Swiss cyber security company that is specialized in detecting hidden data breaches and advanced cyber attacks.

Greensafe IT

Greensafe IT

Greensafe offer various onsite and offsite data erasure services, aimed at increasing data security whilst reducing any risk of data loss during transit.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

NTT Group

NTT Group

NTT offers agile, scalable technology services to bring it all together seamlessly, securely, and sustainably. We help you adopt a holistic security approach across your network, clouds, applications.

Mindsprint

Mindsprint

Mindsprint (formerly Olam Technology and Business Services - OTBS) are a leading edge technology and business services firm.

FastPassCorp

FastPassCorp

In the world of IT, identity theft is a growing concern. FastPass offers an innovative solution as a cloud or on-premises offering.

AI or Not

AI or Not

AI or Not - Leverage AI to combat misinformation and elevate the landscape of compliance solutions.

DataTrails

DataTrails

DataTrails enables organizations to prove and verify the provenance and authenticity of any data they use in their business operations.

Liverton Security

Liverton Security

Liverton Security is a New Zealand-owned cyber security provider offering consultancy and security-related products to government and commercial customers throughout New Zealand.

EyBrids

EyBrids

As a forward-thinking cybersecurity consulting firm, we believe that robust security is the foundation for innovation and growth in today’s digital landscape.

Inoxoft

Inoxoft

Inoxoft delivers IT security consulting, assessment, and protection services to help businesses secure their infrastructure, applications, and sensitive data.

EH1-Infotech Cybersecurity

EH1-Infotech Cybersecurity

EH1-Infotech Cybersecurity is a company dedicated to providing structured, enterprise-grade cybersecurity services to B2B clients - including startups, SaaS platforms, and mid-sized organizations.