Connecting stuff to the internet can sometimes introduce fun new vulnerabilities, and so it has proven in the case of millions of BMW cars.
On Friday the German auto outfit announced it was sending an over-the-air update to cars featuring its SIM-based ConnectedDrive module. This allows drivers to remotely unlock their car, but the German automobile club ADAC had reverse-engineered the telematics software and warned [company]BMW[/company] that a flaw made it possible for third parties to unlock vehicles.
In a statement, BMW stressed that there wasn’t a flaw in its hardware, nor would any driving-related functions have been affected. The update, which introduces HTTPS encryption to the car’s connection with BMW’s servers, is automatically downloaded as soon as the car module talks to that system.
Hackers were in theory able to dupe the car into unlocking by creating a fake mobile network, according to Reuters. There is…
View original post 81 more words