Can Hackers Unlock Your BMW?

///Can Hackers Unlock Your BMW?

Can Hackers Unlock Your BMW?

Can Hackers Unlock Your BMW

As auto locksmiths, we sometimes feel nostalgic for the good old days when car door technology was simple, making it easy to help out our customers who found themselves in a fix. As much as we love learning new systems (it keeps us on our toes!), computers and the Internet have really made our job different.

Connected Car Technology is Great, But it Doesn’t Come Without a Downside

We know technology has added a new layer of complexity for car owners, too. That brings wonderful benefits – ask anyone who’s made good use of their on-board nav system and you’ll know.

However, there’s also a new layer of risk and hassle involved, which always happens when computers get involved. If something goes wrong, it’s not easy to fix yourself. Also, any time you’re “connected”, there are security risks, too.

BMW’s ConnectedDrive is a Prime Example

Case in point: take BMW’s ConnectedDrive web portal, which allows car owners to enjoy all sorts of modern benefits:

  • access the Internet
  • lock your car from your phone (and unlock)
  • flash the lights or beep the horn from your phone
  • answer questions
  • enjoy the infotainment
  • send internet search results to your car for navigation

ConnectedDrive can be accessed via a phone app, directly from the car’s system, or from your laptop/tablet/PC. No matter how you access the system, however, Softpedia has just reported that there are vulnerabilities that BMW vehicle owners should know about.

The BMW ConnectedDrive Vulnerabilities

There are two vulnerabilities, which mean the software leaves gaps in security features, which may offer hackers an opportunity to access a BMW system for malicious purposes.

The first problem is that hackers can access a BMW Vehicle Identification Number (VIN), which is used by the ConnectedDrive system to back up and identify owners’ data. After a BMW owner first logs into the ConnectedDrive portal, he or she must enter the VIN in order to gain access to configuration apps for the car.

That means hackers can get vehicle owners’ login information and then pose as the car owner in order to perform any number of malicious activities.

How Hackers Can Unlock Your Car

There is a bug which allows users to bypass the VIN authentication requirement, meaning any hacker can access the configuration of any BMW vehicle.

Once the VIN has been hacked, in-car settings may be altered. That includes unlocking the car doors!

Besides allowing a hacker to unlock the doors, the vulnerability also may allow:

  • access to email accounts
  • controlling the real-time traffic information that’s part of the system
  • managing the routes in the navigation system
  • tinker with playlists
  • in some cases, track the vehicle

What’s Being Done?

Industry experts are calling for a more identity-focused approach to connected car systems such as BMW’s ConnectedDrive. As more car manufacturers join the wave of offering connected systems to their customers, hackers will take note and focus their energies on car systems.

BMW has not yet responded to calls for comment on this issue. It’s reported that the issues were reported to the German car manufacturer back in February of 2016 but BMW has not yet answered the bug issues (publicly, anyway).

BMW Isn’t Alone With This Hacking Issue

The Mitsubishi Outlander has had the same security issues, so BMW is not alone with this problem. Chrysler, Mercedes-Benz, and Viper’s apps also have vulnerabilities. All of these apps allow for unlocking and locking a car’s doors from a remote location, using an app. Most also offer remote starting. However, the key usually needs to be present in order to put the car into gear.

In August of 2015, a hacking expert named Samy Kamkar reported that he could hack into BMW Remote, meaning hackers could start a BMW equipped with that feature. His OwnStar device, which can be planted underneath any BMW (or various other types of cars with this sort of connected system), can intercept a user’s credentials and send them to the hacker. That’s how they get in.

Hackers or not, AutoLocks Ltd is here to help you with your BMW door lock issues. We can unlock a locked BMW, get you back in, and help you get on with your day any time of day or night. That’s because we stay abreast of issues like this, and always keep our specialized locksmiths fully trained on the latest equipment and techniques.

Give us a call when you need help and we’ll be at your side with a fully trained, professional auto lock technician in as little time as possible so you don’t have to wait all day (or night!).

By |2018-09-03T07:58:53+00:00December 18th, 2016|BMW|0 Comments