BMW 1-Series Forum (F20) 135i - 1Addicts.com > BIMMERPOST Universal Forums > General BMW News and Cars Discussion > Security Vulnerabilities in BMW ConnectedDrive Portal
Post Reply
 
Thread Tools Search this Thread
      07-08-2016, 10:48 AM   #1
mcvaughan
Lieutenant Colonel
mcvaughan's Avatar
United_States
702
Rep
1,917
Posts

Drives: F87 Competition
Join Date: Sep 2012
Location: Katy, TX

iTrader: (1)

Security Vulnerabilities in BMW ConnectedDrive Portal

Not sure if this has been posted or not, but here goes:

http://thehackernews.com/2016/07/bmw...sj0ao09g1z.qpe
__________________
Matt
Appreciate 1
      07-09-2016, 12:55 AM   #2
tdavis42
Captain
tdavis42's Avatar
181
Rep
657
Posts

Drives: 08 E90 328i ZSP AT
Join Date: Feb 2016
Location: Phoenix, AZ

iTrader: (0)

Garage List
2008 328i  [0.00]
Hack BMW through browser

Hope they patch this ASAP could turn into something more. This is the curse of an always connected car.

They better come out with at least a stop gap if they don't have software ready to be deployed.

http://jalopnik.com/bmws-can-now-be-...nen-1783371533
Appreciate 0
      07-12-2016, 08:19 AM   #3
jaye944
Captain
No_Country
1007
Rep
638
Posts

Drives: a
Join Date: Jul 2015
Location: a

iTrader: (0)

actually this is not as silly as it sounds

I got copped the other day for speeding and I SWEAR I was only doing 100;
cop reckoned I was doing 150

damn car was hacked I tried to tell him, wouldnt believe me

Appreciate 0
      07-14-2016, 11:12 AM   #4
OutlawX3M
First Lieutenant
OutlawX3M's Avatar
United_States
296
Rep
353
Posts

Drives: 2016 BMW M3 ZCP. 2020 BMW X3M
Join Date: Jun 2016
Location: Long Island, NY

iTrader: (0)

Garage List
2016 BMW M3 ZCP  [0.00]
Quote:
Originally Posted by mcvaughan View Post
Not sure if this has been posted or not, but here goes:

http://thehackernews.com/2016/07/bmw...sj0ao09g1z.qpe
So just trying to shed some light on this one as I work in the IT security field.

So this is a "hack" of the website not the actual vehicle. It's a small distinction since the website connects to the vehicle and offers a path to initiate actions yet one to keep in mind. The weak link in this example is the website, no one has demonstrated a vulnerability via the vehicle itself (yet).

That said, because the website can interact with the vehicle, this is serious and I'm surprised that BMW didn't take a better approach.

I'm wondering what can be done via the Infotainment system on a BMW? I'm not fully versed in the architecture of BMW's control systems/modules to know. Maybe it is critical.... or treat it as critical until we know more?

It all depends on what BMW has exposed via APIs (application programming interfaces) within the infotainment system. In other words, a hacker can only do what's allowed to be done through commands available within the compromised system.

So if the infotainment system doesn't connect to the modules that control the brakes, engine etc, they haven't really done much have they? If it does, like in the case of the Jeep hack, well then we're sunk.

It's the greatest challenge of the "internet of things" and something the auto industry is focusing on. I work for a company that provides solutions for just this type of situation including the internet of things. There's one major auto manufacturer already using our solution to protect their vehicles (they even demo'd using a key fob like Apple Pay - not that I'd want to but hey, cool).

One day we'll get 2 factor access -- the key fob and your smartphone for instance. You'll need both to access the vehicle. Or the key fob is only valet mode unless you have your phone... fingerprint readers on the steering wheel? Why not. The sky's the limit.

I'm hoping BMW gets onboard with us soon... I understand they are looking to replace their existing solution and ours has made the final 2.
Appreciate 1
Post Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 04:45 AM.




1addicts
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST