According to an article from the folks at AutoBlog, more than two million BMW vehicles are susceptible to security breaches, due to an issue with their Connecteddrive system.
Security experts were able to find a breach in the Connecteddrive remote services system and gain access to vehicles. The breach was due to unencrypted code between the vehicle and the phone app used to access it. It's pretty scary that access was able to be gained without them being anywhere near the vehicle. 'German researchers spoofed a cell-phone station and sent fake messages to a SIM card within a BMW's telematics system. Once inside, they locked and unlocked car doors. Other researchers have demonstrated it's possible to hack into a car and control its critical functions, but what separates this latest exploit from others is that it was conducted remotely.'
This problem may not be limited to just BMW. There are other systems very similar to BMW's ConnectedDrive, so it isn't crazy to think others could have the same issue. At least this was done by security researchers, rather than hackers, who discovered the problem and notified BMW so they could update software to address the security issue. European vehicles have since received an over-the-air software update. However, in the US, BMW hasn't relayed how many vehicles were affected, or if US vehicles have received the software update.
Check out the video on the vulnerability of Connecteddrive. It's in German, but it shows them manipulating a BMW's locks and lights remotely.
http://youtu.be/kzh0xn13b7k
Read the full article from AutoBlog here!
