According to Reuters, the software vulnerability allowed hackers to trick the cars into believing they were connected to a mobile phone network, granting them access to on-board systems.
The flaw existed in cars equipped with BMW’s ConnectedDrive, which allows owners to perform some peripheral vehicle functions remotely, such as lock and unlock doors, manipulate climate control features or interact with web-connected applications.
BMW insists that critical systems (throttle, braking, steering) were isolated and not vulnerable to being compromised from the outside, and the manufacturer is not aware of any real-world incidents related to the problem. The flaw was discovered by ADAC.
BMW was able to roll out a fix remotely, utilizing the same system that made them vulnerable to attack in the first place.
“The online capability of BMW Group ConnectedDrive allowed the gap to be closed quickly and safely in all vehicles,” a BMW spokesperson said. “There was no need for vehicles to go to the workshop.”
Photo by Brian Williams.