The flaw affected models fitted with BMW's ConnectedDrive software, which uses an on-board Sim card.
The software operated door locks, air conditioning and traffic updates but no driving firmware such as brakes or steering, the German car maker said.
No cars have actually been hacked "thank God", but the flaw was identified by German motorist association ADAC.
ADAC's researchers found the cars would try to communicate via a spoofed phone network, leaving potential hackers able to control anything activated by the Sim.
The patch, which would be applied automatically, included making data from the car encrypted via HTTPS (HyperText Transfer Protocol Secure) - the same security commonly used for online banking, BMW said.
"On the one hand, data are encrypted with the HTTPS protocol, and on the other hand, the identity of the BMW Group server is checked by the vehicle before data are transmitted over the mobile phone network".
No comments:
Post a Comment