By tapping into a security flaw in a digital-service system, hackers can wirelessly open BMW, Mini and Rolls-Royce vehicles in minutes, according to a report by German auto club ADAC. This is why we are not big fans of cars with extensive connectivity via the internet.
About 2.2 million vehicles equipped with BMW Group’s ConnectedDrive service were vulnerable, ADAC said. The carmaker said it upgraded the system to close the security gap and that the software update will take place automatically when vehicle connects to BMW’s server.
“The BMW Group has responded promptly and increased the security,” the company said in a statement. While BMW said the flaw wouldn’t have made it possible to drive off in the car, the security gap highlights risks associated with the increase in digital services in cars. Wireless-enabled features such as remote access or pre-heating the interior on a cold winter morning require new layers of security systems to safeguard the customer and the vehicle.
Cars at risk included models with ConnectedDrive such as the Rolls-Royce Phantom, Mini hatchback and most BMWs, including the i3 electric-car. The vehicles were produced between March 2010 and December 2014, ADAC said. BMW said that it wasn’t aware of any cases in which the flaw was exploited.
If hackers can get into your office computer with numerous firewalls and safety systems, how much easier will it be to get into a car and then drive it away remotely if the car has autonomous driving features?