Luxury car manufacturer BMW has rolled out a patch for a security flaw that could have allowed hackers to open the doors of some 2.2 million vehicles.Seems that someone could wirelessly unlock the doors. Rather than fussing around with coat hangers attracting attention to themselves, they could do it from the nearest Starbucks.
The issue affects BMW, Mini and Rolls Royce models that come equipped with ConnectedDrive – a technology that allows car owners to access internet, navigation and other services via a SIM card installed directly into vehicles.
And BMW's "Yay, us for patching this so quickly" doesn't impress:
It appears the vulnerability revolved around the insecure transmission of data, as the patch rolled out by BMW appears to have enabled HTTPS. Something you would probably have hoped that BMW’s engineers would have thought about in the first place.The update happens automatically via ConnectedDrive, which is a good thing. But still, this is pretty bone headed.
Yes, it’s good that BMW has fixed the problem. But frankly I think they’re being a little disingenuous talking about “rapid response” if this issue was first brought to their attention in the middle of last year.