As reported by The Stack: BMW has fixed a security bug which left 2.2 million cars, including models from Rolls-Royce and Mini, exposed to hackers.
The flaw was discovered in vehicles using BMW’s ConnectedDrive software,
which runs from an installed on-board SIM card. Via the smartphone app,
owners can remotely control a number of functions including door locks,
air conditioning and sounding the horn. The software does not operate
any of the vehicles’ hardware such as brakes or steering.
Researchers from the German motorist association ADAC identified
the flaw, which allowed the system to connect to fake mobile phone
networks, enabling hackers to remotely control the SIM card. No known
hacks have been reported.
BMW has now applied a patch that uses the HTTPS protocol (HyperText Transfer Protocol Secure) to encrypt the data from the cars.
"On the one hand, data are encrypted with the HTTPS protocol, and on
the other hand, the identity of the BMW Group server is checked by the
vehicle before data are transmitted over the mobile phone network," BMW
said in a statement.
For security experts, the use of HTTPS should have been a given.
"You would probably have hoped that BMW's engineers would have
thought about [using HTTPS] in the first place," said security blogger Graham Cluley.
As an increasing number of connected cars are introduced into the
market, experts warn of the growing threat of malware and hacking
targeted at vehicles.
"I think we are going to see more malicious attacks [on connected
cars]. If someone finds a vulnerability in an internet-enabled car you
could have the same situation that you have now for browsers...it
doesn't take much imagination to think of the abuse this could cause,"
Mark O’Neill of software organisation Axway told IBTimes UK.
However, this BMW case has helped to instill confidence that software
updates and patches can be distributed swiftly and effortlessly to
connected vehicles, with drivers able to manually select updates to
ensure they are fully covered.