BMW Group announced that it has increased the security of data transmission in its vehicles in response to reports from the German Automobile Association (ADAC). ADAC identified a potential security gap during data transmission. BMW fixed the problem with a new configuration using HTTPS.
Some reports suggest that the vulnerability could have allowed hackers to open doors of 2.2 million BMWs, Mini and Rolls-Royce vehicles.
ADAC checks revealed a potential security gap affecting the transmission path via the mobile phone network. Researchers were able to simulate the existence of a fake wireless network, which BMW cars attempted to access, allowing hackers to manipulate functions via a SIM card.
BMW Group hardware was not affected. BMW Group ConnectedDrive online connections closed the gap in all vehicles. BMW reported that driving functions were not hackable.There is no need for cars to be taken to the dealers.
The update is carried out automatically as soon as the vehicle connects up to the BMW Group server or the driver configures it.
The online services of BMW ConnectedDrive implemented HTTPS protocol (HyperText Transfer Protocol Secure). BMW ConnectedDrive is now using encryption which in most cases is also being used by banks for online banking. Security is checked on two ends, data encryption with the HTTPS protocol, and the identity of the BMW Group server is checked by the vehicle before data transmission over a mobile phone network.
BMW responded promptly and increased the security of BMW Group ConnectedDrive, with no cases of unauthorized persons from outside or any known hacks to the systems.