We already worry about our computers, our phones, and our credit cards being hacked, and now we can officially add our cars to the list. It seems that BMW’s Connected Drive remote-services is easily hackable, which has left 2.2 million owners with cars that aren’t secure.
The German Automobile Association (ADAC) discovered the problem, finding that they could send phony signals to SIM cards in the affected cars and mimic mobile applications. This let them do things like unlock the doors and only took a matter of minutes to accomplish. Even scarier, there was no evidence left behind so an owner would have no idea there car had even been hacked in their absence.
BMW took immediate action to fix the problem and has been sending out over-the-air updates to cars over the last week. It simply involved a fix to the car’s software, so many owners may have gotten the update and not even know that the patch was installed. Although most vehicles have gotten the patch, some owners in the US might still not have gotten their update.
The problem was found in BMW, Rolls-Royce and MINI vehicles equipped with Connected Drive since 2010 and was first discovered by ADAC last year. They held off on releasing their findings in order to give the company time to come up with a solution. Despite the ease with which the cars could be hacked, there have been no reports of anyone actually having their car hacked.
The problem all comes down to the mobile app that allows owners to access select functions from their phones. The app controls things like unlocking the doors, honking the horn, and flashing the lights. It also lets drivers manipulate the climate control settings and download directions directly to their vehicles.
The one most likely to cause trouble there would be unlocking the car, since that would give a thief access to anything left inside. On a positive note, the app doesn’t control any of the things likely to cause not just theft but physical harm.
No one could mess with the car’s steering, acceleration, or any of the functions used to actually drive the car. This is small comfort as one breach definitely makes you worry about the next. Although BMW took quick steps to resolve the problem, it’s a reminder that our increasingly connected cars are opening us up to a new world of dangers through hacking.