01-30-2015, 07:01 AM | #1 |
Second Lieutenant
45
Rep 271
Posts |
BMW increases ConnectedDrive security after potential security gap reported by ADAC
Featured on BIMMERPOST.com 30.01.2015 Munich. As the leading manufacturer in the networking of driver, vehicle and the surrounding environment, the BMW Group is increasing the security of data transmission in its vehicles. This is the company’s response to reports from the German Automobile Association (ADAC). The motorist’s association had identified a potential security gap when data is transmitted. The BMW Group has already closed this gap with a new configuration. The experts from the ADAC had put the company through a strategic review as market leader in vehicle networking. This check revealed a potential security gap affecting the transmission path via the mobile phone network. BMW Group hardware was not impacted. The online capability of BMW Group ConnectedDrive allowed the gap to be closed quickly and safely in all vehicles. Access to functions relevant to driving was excluded at all times. There was no need for vehicles to go to the workshop. The update is carried out automatically as soon as the vehicle connects up to the BMW Group server or the driver calls up the service configuration manually. The online services of BMW Group ConnectedDrive communicate with this configuration via the HTTPS protocol (HyperText Transfer Protocol Secure) which had previously been used for the service BMW Internet and other functions. The BMW Group ConnectedDrive packages in the vehicle are thereby using encryption which in most cases is also being used by banks for online banking. On the one hand, data are encrypted with the HTTPS protocol, and on the other hand, the identity of the BMW Group server is checked by the vehicle before data are transmitted over the mobile phone network. In this way, the BMW Group has responded promptly and increased the security of BMW Group ConnectedDrive, because no cases have come to light yet in which data has been called up actively by unauthorised persons from outside or an attempt of this kind is made in the first place. |
01-30-2015, 09:27 AM | #2 |
Second Lieutenant
85
Rep 280
Posts |
To be honest, the title should have been: "ConnectedDrive hacked", not "increases security"...
Was only a matter of time until somebody would use the remote services through a hack WTF was BMW thinking to use a not encrypted connection in the first place -.- |
Appreciate
0
|
01-30-2015, 02:21 PM | #3 | ||
Give '///M' Hell!
129
Rep 1,328
Posts |
Connected Drive vulnerability to hacking
BMW press release reveals German Automobile Association (ADAC) findings that Connected Drive equipped Bimmers and MINIs are susceptible to being accessed by unauthorized cellular users who then have access to all ConnectedDrive features. BMW has apparently released a fix (not sure if it will be available in the US OTA as the press release indicates). BMW Press Release: (https://www.press.bmwgroup.com/globa...tem=node__5238) Quote:
ADAC link: http://www.adac.de/infotestrat/techn...spx#tabid=tab1 Quote:
__________________
The 1 series M is the most badass, coolest, sickest BMW to debut since the 1988 M3. The E30 M3 finally has a successor. Please welcome the stupidly fast, wickedly tempered, awkwardly named, possibly perfect little son of a benchmark - Automobile Magazine, August 2011
|
||
Appreciate
0
|
01-30-2015, 02:34 PM | #4 |
Major
790
Rep 1,113
Posts |
I'd like to find said hacker and offer them money for a remote start feature.
__________________
2003 11/02 Steel Gray Metallic on Red M3 - SMGII - VF570 - SUPERSPRINT - KW - BBS - CSL ROOF SOLD
2015 09/14 Alpine White on Red 435i xDrive MPPK - Expensive black vinyl with special lettering. SOLD 2020 12/19 Mineral Gray Metallic on Black Vinyl interior M340i xDrive |
Appreciate
0
|
01-30-2015, 03:18 PM | #5 | |
Colonel
894
Rep 2,421
Posts
Drives: 2018 BMW M2 & 2024 BMW X1 M35i
Join Date: Feb 2010
Location: Fort Lauderdale, FL
|
Quote:
__________________
Follow my builds:
The Racecar (2018 M2 - M0010): Build Thread | @_m0010 The Daily (2024 X1 M35i - X001M35):Build Thread | @_x001m35 |
|
Appreciate
0
|
01-30-2015, 04:23 PM | #6 |
Private
22
Rep 85
Posts |
+1... Heck +99 for remote start!
They disable features like variable light distinction for North America, perhaps they could just make remote start a possibility and disable it for Europe. |
Appreciate
0
|
01-30-2015, 05:01 PM | #7 |
Kind of a big deal
303
Rep 1,676
Posts
Drives: an 1M not often enough
Join Date: Jan 2011
Location: between Unlimited and Hard to Get
|
Not just BMW, from now, anyone with bad intentions can "assist" you. Hopefully this is the last security glitch.
Hail to pure analogue fun. |
Appreciate
0
|
01-30-2015, 05:10 PM | #8 |
European Editor
10822
Rep 22,992
Posts |
Here is the ADAC video... (sorry its in German)
__________________
|
Appreciate
0
|
01-30-2015, 06:36 PM | #9 |
Kind of a big deal
303
Rep 1,676
Posts
Drives: an 1M not often enough
Join Date: Jan 2011
Location: between Unlimited and Hard to Get
|
Interesting statement in the video is that BMW is said to have been applying the remote updates for this glitch already from 8 december 2014 onwards.
Hopefully this means that all affected cars that had their battery connected and were within mobile range since December '14 are no longer vulnerable? |
Appreciate
1
|
01-30-2015, 06:42 PM | #10 | |
European Editor
10822
Rep 22,992
Posts |
Quote:
__________________
|
|
Appreciate
0
|
01-30-2015, 07:29 PM | #11 |
Colonel
285
Rep 2,671
Posts
Drives: Goggomobil
Join Date: Jul 2007
Location: Kangaroo land
|
This is all about stakeholders working together and in partnership. Good outcome.
__________________
|
Appreciate
0
|
01-30-2015, 07:48 PM | #12 | |
Resident Kerbalnaut
484
Rep 10,703
Posts |
Quote:
That being said, it would be nice if the fix didnt simply involve using typical HTTP encryption. |
|
Appreciate
1
|
01-30-2015, 08:18 PM | #13 |
Brigadier General
506
Rep 3,445
Posts |
Widely reported. The good news is it can be fixed remotely.
__________________
See my photography at http://ronscubadiver.wordpress.com
|
Appreciate
0
|
01-31-2015, 02:58 AM | #15 |
Major
87
Rep 1,448
Posts |
So, March 2010 cars onwards. In other words combox cars. So pre combox cars are also likely insecure but they can't update those remotely like they can combox cars. So anyone with PRE MARCH 2010 NEWER STYLE IDRIVE is likely STILL AT RISK. Nice.
|
Appreciate
0
|
01-31-2015, 03:05 AM | #16 | ||
Enlisted Member
6
Rep 43
Posts |
Quote:
Quote:
As far as I know, the test was conducted by the ADAC, in order to find out if normal workshop have disadvantages in repairing a vehicle equipped with connected drive. please don’t turn the story in BMW propaganda style… „Ein vom ADAC beauftragter Sicherheitsexperte entdeckte eine Lücke“ http://www.heise.de/newsticker/meldu...t-2533601.html |
||
Appreciate
0
|
01-31-2015, 10:15 AM | #17 | |||
Second Lieutenant
18
Rep 258
Posts |
Quote:
Not that I don't trust car manufacturers,,,, ok, I don't.
__________________
2011 328i RWD Sports 6MT, BMW P/E, aFe Magnum stage 2, AA tune, P3cars gauge, LUX
|
|||
Appreciate
0
|
02-02-2015, 07:34 PM | #19 |
Lieutenant General
5048
Rep 11,904
Posts |
The update is carried out automatically as soon as the vehicle connects up to the BMW Group server or the driver calls up the service configuration manually.
So this implies that there is some type of auto update for the new security features. However, on my car, I don't use ConnectedDrive at all. I never have and never will as I don't use an iphone device. How do I get an update in this case?
__________________
22 Phytonic/Coffee X5 45e (CoVID-free)
08 Speed Yellow 911 GT3 Sharkwerks 12 AW/Cinnamon X5d Sports Pkg (retired) 14 AW/Beige M6GC ZCP, MPE, V2 steering wheel, vorsteiner (retired) 08 SSII/Black E90 M3 (retired) |
Appreciate
0
|
02-05-2015, 12:19 PM | #21 |
Banned
3271
Rep 6,299
Posts |
Didn't they already resolve many of these issues with an OTA update last week?
Plus, someone will look at that article and notice that they use "beemer" instead of "bimmer"... |
Appreciate
0
|
Post Reply |
Bookmarks |
Thread Tools | Search this Thread |
|
|