BMW Fixes Security Flaw to Stop Hackers

BMW says it has found a solution to a security flaw that could have allowed hackers to open doors of 2.2 million BMWs, Mini and Rolls-Royce vehicles.

BMW said officials at German motorist association ADAC had identified the problem, which affected cars equipped with the company's ConnectedDrive software using on-board SIM cards -- the chips used to identify authorized users of mobile devices, reported Reuters.

BMW drivers can use the software and SIM cards to activate door locking mechanisms, as well as a range of other services including real-time traffic information, online entertainment and air conditioning. The security risk occurred when data was transmitted, Reuters said, but it did not impede the car's critical functions of driving, steering or braking.

BMW said it was not aware of any examples where the data had been used to compromise the security of a vehicle, said Reuters.

BMW said it had taken steps to eliminate possible breaches by encrypting the communications inside the car using the same HTTPS (Hypertext Transfer Protocol Secure) standard used in Web browsers for secure transactions such as ecommerce or banking, said Reuters.

BMW said it was able to update its ConnectedDrive software automatically, when the vehicle connects up to the BMW Group server or the driver calls up the service configuration manually.

"The online capability of BMW Group ConnectedDrive allowed the gap to be closed quickly and safely in all vehicles," BMW said. "There was no need for vehicles to go to the workshop."

http://www.reuters.com/article/2015/01/30/us-bmw-cybersecurity-idUSKBN0L31RC20150130

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.