BMW Fixes Flaw risking 2.2 Million Cars to Break-In

German luxury carmaker BMW has fixed a security flaw that could have allowed hackers to unlock the doors of up to 2.2 million Rolls-Royce, Mini and BMW vehicles.

BMW said officials at German motorist association ADAC had identified the problem, which affected cars equipped with the company's ConnectedDrive software using on-board SIM cards -- the chips used to identify authorised users of mobile devices. BMW drivers can use the software and SIM cards to activate door locking mechanisms, as well as a range of other services including real-time traffic information, online entertainment and air conditioning.

The security risk occurred when data was transmitted, BMW said, adding it did not impede the car's critical functions of driving, steering or braking. BMW said it was not aware of any examples where the data had been used to compromise the security of a vehicle.

In recent years, cyber-security experts have criticised the automotive industry for failing to do more to secure internal communications of vehicles with network-connected features.

In a similar story it is said that hackers could take control of vehicles after a BlueTooth dongle used by insurance companies to track drivers' habits was compromised, it has been claimed.

Two million American drivers use one of the devices from Progressive Insurance, which collects vehicle location and speed records.

Security researcher Corey Theun said he discovered that the firmware running on the dongle was "minimal and insecure".

He told Forbes: "It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies ... basically it uses no security technologies whatsoever."

Mr. Thuen said that an attack on the adjacent modem was possible, and an attack on the insurance company's servers could allow a potentially deadly takeover of the car's acceleration and braking.

http://gadgets.ndtv.com/others/news/bmw-fixes-software-flaw

http://news.sky.com/story/1410523/dongle-hackers-could-take-control-of-car-brakes

« France's Online War Has A New Cyber Security Cell
NSA Surveillance Software Infecting Thousands of Computers Worldwide »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

GrammaTech

GrammaTech

GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions.

Actiphy

Actiphy

Actiphy provides a tried and proven backup and disaster recovery software solution to ensure business continuity at all times.

Code Dx

Code Dx

Code Dx is a software application vulnerability correlation and management system.

SecuriThings

SecuriThings

SecuriThings is a User and Entity Behavioral Analytics (UEBA) solution for IoT security.

Bittium

Bittium

Bittium provides proven information security solutions for mobile devices and portable computers.

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

Sysorex Government Services

Sysorex Government Services

Sysorex Government Services helps customers meet their strategic missions by providing secure, optimized IT solutions that allow them to perform more efficiently and effectively.

The Cyber Security Expert

The Cyber Security Expert

The Cyber Security Expert delivers cyber security consultancy, website and cloud security monitoring services, and specialist training services.

Redshift Consulting

Redshift Consulting

Redshift is an information management and information security consulting company offering a full range of services from infrastructure design to security assessments and network monitoring.

CybX Security LLC

CybX Security LLC

CybX is the first company of its kind to merge the practice of computer forensics with computer security and information security.

VariQ

VariQ

VariQ is a premier provider of Cybersecurity, Software Development and Cloud services to federal, state, and local government.

3B Data Security

3B Data Security

3B Data Security offer a range of Penetration Testing, Digital Forensics, Incident Response and Data Breach Management Services.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

Commvault

Commvault

Commvault's data protection and information management solutions help companies protect, access and use all of their data, anywhere and anytime.

Trustaira

Trustaira

Trustaira is the first deep tech solution and service company in Bangladesh.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.