Sometime in late 2014 or early 2015, it was found that BMW vehicles equipped with ConnectedDrive could be tricked into unlocking the doors by any hacker who knew how to mimic BMW’s servers. While information about that specific hack is rather scant, it’s safe to assume that BMW probably put an end to that vulnerability rather quickly, but that doesn’t mean your BMW i BMW i s safe from hackers. In fact, it was recently discovered that BMW’s equipped with ConnectedDrive could, in fact, be hacked through a simple web browser – once again giving the technologically advanced the ability to unlawfully enter your fine piece of German engineering. That’s not all, though.
This vulnerability is one of two that was recently discovered Kunz Mejri, a security researcher for Vulnerability Laboratory. To put it simply, hackers can bypass a secure validation system and take over VIN numbers already in the system ultimately to view or manipulate them, which can lead to the ability to remotely unlocked the doors of any BMW vehicle that have been connected to the ConnectedDrive system.
The second vulnerability is more of a threat to BMW than anyone else, but could ultimately lead to your BMW doing some pretty wonky things at the hands of an intelligent hacker. By taking advantage of a vulnerability on the ConnectedDrive’s password reset page, a hacker can inject malicious code into BMW’s portal that could cause issues within its servers. While this is more of a threat to BMW, a hacker with the right know-how and the underlying desire to be a complete douche could cause issues with connected BMW’s on a massive scale. It’s hard to say what exactly a hacker could do, but the first thing that comes to mind is tens of thousands of BMWs locking and unlocking randomly at the same time. It’s not likely, but with technology these days, anything is possible
The more serious hack is a pretty big deal. Not only can a hacker remotely unlock your vehicle, but they can also access information that is stored within your car’s infotainment system. Someone can manage routes and real-time traffic information, access e-mail accounts, and – in theory – could even change the music you’re playing or control any autonomous features your car may have. While the latter isn’t very likely at this point, it’s a possibility, and it’s something we should all be aware of.
As of the time of this writing, BMW has yet to speak on the issue, with some outlets reaching out to BMW to no avail. At the end of the day, it’s time to realize that cars are getting smarter and, with our continued advancement in technology, they are more vulnerable than ever. Hacking threats involved cars aren’t going to go away, and unless manufacturers begin to rethink the security architecture of our now-connected cars, it’s only going to get worse. For the record, it was just a few weeks ago that security vulnerabilities were found in the Mitsubishi Outlander as well.