BMW moves quickly to solve security hole
A flaw discovered by Allgemeiner Deutscher Automobil-Club e.V. (ADAC) in BMW’s ConnectedDrive system has now been solved by the manufacturer.
More than 2.2 million vehicles were said to be affected by the vulnerability to ConnectedDrive, BMW’s in-car operating system. ADAC reported that a mobile was all that was required to access the platform.
By spoofing a phone network ADAC was able to break into ConnectedDrive. From here it was possible to control heating, ventilating, and air conditioning, tap into car information and even unlock doors.
BMW has since released a statement of its own saying that the security gap has now been closed thanks to a new configuration that will be installed on the affected cars as soon as they connect to BMW’s servers.
ADAC found the issue as part of a programme of system security testing, which BMW had requested. The association chose not to release its findings until the manufacturer had solved the problem.
Throughout the testing BMW has said that no hardware was impacted. It also said that no data has previously been accessed by unauthorised people, while no attempts to access ConnectedDrive had been made either.