BMW Patches Security Flaw Affecting Over 2 Million Vehicles
An anonymous reader writes: BMW has fixed a security bug which left 2.2 million cars, including models from Rolls-Royce and Mini, exposed to hackers. The flaw was discovered in vehicles using BMW's ConnectedDrive software, which runs from an installed on-board SIM card. Via the smartphone app, owners can remotely control a number of functions including door locks, air conditioning and sounding the horn. Researchers from the German motorist association ADAC identified the flaw, which allowed the system to connect to fake mobile phone networks, enabling hackers to remotely control the SIM card.
better solution: don't make cars network-capable (Score:3, Insightful)
Seriously, car systems should have, at most, a dumb screen that I can extend with whatever computer hardware I choose to add, if any. I cannot comprehend why anyone would want a built-in navigation system, for example, when my phone already does it, and does it better. Just write an app that lets me broadcast my screen through my USB port while I charge.
Re:better solution: don't make cars network-capabl (Score:4, Insightful)
Seriously, car systems should have, at most, a dumb screen that I can extend with whatever computer hardware I choose to add, if any. I cannot comprehend why anyone would want a built-in navigation system, for example, when my phone already does it, and does it better. Just write an app that lets me broadcast my screen through my USB port while I charge.
The user interface on phones sucks. It is difficult and dangerous to enter a destination, and it requires you to hold your phone or buy or manufacture something to hold the phone up in your line of sight so you don't have to keep glancing down at it. Then what happens if you get a phone call? You have to pick it up (unless the car has bluetooth, which I would imagine if you don't like integrated GPS, you probably don't like integrated bluetooth either.)
Phones are capable of doing a lot of things that they are not very good at, and purpose-built devices are orders of magnitude better than phones at just about everything except making phone calls. In fact, the phonebook on my car's bluetooth connection to the phone is better than the interface on my phone.
My built-in GPS shows road construction and accidents, something my phone doesn't do, and it shows it on an 8.8-inch screen, something my phone doesn't do.
Re: (Score:2, Interesting)
OP here.
Your phone doesn't do those things, but there's no reason it *can't*.
Phones have high-speed data/charging ports, yet they go unused. And I have no problem with bluetooth as an option. Hell, I've added bluetooth to my car.
Using my phone via bluetooth has been great. I have a holder for my phone to display GPS info, Google Maps ABSOLUTELY DOES show traffic delays (I don't care if it's construction, accidents, or whatever, I only care that it impedes my travel), and most importantly, my car isn't commu
Re: (Score:2)
In the US we had people die because they relied on their rental car navi. They asked for a route and it gave them the shortest one. Down 4x4 roads through Death Valley.
They found the bodies a few weeks later.
Re: (Score:2)
The user interface on phones sucks.
LOL Not nearly as bad as the user interface on my BMW. Ever tried typing an address with a scroll wheel? And the voice recognition is no better.
It is illegal to use a handheld device in our cars around here, so I either use the much more distracting iDrive or risk the fine with the much easier to use phone. Does not make anyone safer, though.
Re: (Score:2)
I have a navigation system in my car - got it built in. That's aside from my phone navigation. My phone navigation tends to be more approximate than my car's. It keeps sampling frequently enough to know that I've not taken an exit, or that I'm under a bridge, and so on. Also, it's a lot more convenient to follow, than a phone, which I'd have to attach on the console and turn my head to see it. As opposed to just turning my eyes on the radio to see where I am
I just prop my phone up against the instrument panel (on a sticky rubber pad to keep it in place). I can see it even easier than if I had a center-mounted GPS since it just takes a quick glance downwards. I can't really use the phone touch screen easily while driving, which is probably a good thing. The phone only blocks the tachometer (pretty useless with an automatic transmission) and most of the fuel gauge, so it's actually a pretty reasonable place to put it.
For actual navigation, the phone GPS works as wel
Re: (Score:2)
You can have most Androids, and I believe Apple phones too, "Auto Rotate" their screen. Flip it in your hands so the screen is correctly oriented for your HUD reflection when subsequently laid flat, then carefully place it in the panel so it reflects as desired. When laid flat, the phone will wait for a threshold (more than 10 degrees in my experience) of further rotation before changing the screen again - giving you the result you wanted!
I've done it with my Xperia Z Ultra and my Ford Transit EF-LWB - it
Re: (Score:3)
Seriously, car systems should have, at most, a dumb screen that I can extend with whatever computer hardware I choose to add, if any. I cannot comprehend why anyone would want a built-in navigation system, for example, when my phone already does it, and does it better. Just write an app that lets me broadcast my screen through my USB port while I charge.
I'm not sure I understand your question - how will manufacturers sell you a $2000 entertainment and navigation system if you use your phone for that? And even if they wanted to do this, how could so many different manufacturers cooperate to come up with a single standard for a smart phone interface, surely every manufacturer would have to implement things slightly differently, like they do with bluetooth support where some features work in some cars, but not others.
Re: (Score:3)
In-car systems are massively overpriced, but I would never choose to use my phone over my in-car navigation. Phones are awkward, unwieldy with smaller screens and no integration.
Re: (Score:2)
The best option is MirrorLink, which basically displays your phone's screen on the car's navigation screen and passes through touch input and audio. You can then use your preferred navigation app and phone's data connection, but on a nice big screen that is fixed solidly to the dashboard.
That wouldn't have happened with end-to-end crypto (Score:1)
Trusting networks is a bad idea. Trusting the wrong network is only slightly worse.
Auto software with vulnerabilities? (Score:2)
They weren't using HTTPS (Score:2)
From TFA:
BMW has now applied a patch employing HTTPS protocol (HyperText Transfer Protocol Secure) to encrypt the data from the cars.
"On the one hand, data are encrypted with the HTTPS protocol, and on the other hand, the identity of the BMW Group server is checked by the vehicle before data are transmitted over the mobile phone network," BMW released in a statement.
How could professional system designers have made the decision to not implement HTTPS in the first place?
Re: (Score:3)
"The web portion is easy, we'll get the intern to do it in a couple of weeks..."
Re: (Score:3)
Someone will always be smarter than you, no matter how many layers of security you pile on. Don't let your car be opened remotely. I guess we'll all have to learn the hard way not to give up control of our own property for a handful of glittery dust.
Re: (Score:2)
And why use http(s) at all for communication?
"Patches"? (Score:3)
So, what's the fix? Before, everybody could remotely open your car, now only BMW can do it? They call that a "fix"?
Re: (Score:2)
Why on earth would you want to remotely unlock your car anyway? What is the point of this feature?
My Leaf has a remote access system, but all it can do is turn charging on/off and turn the air conditioning on/off for up to 120 minutes at a time and only if the car is plugged in at the time. It's useful and even if it was compromised the worst someone could do is make my car cabin 30C and cost me a few pennies.
If they had included a remote unlock facility I wouldn't have bought it.
Self-driven cars are the solution (Score:1)
If by solution you mean major hacker targets.
Actual solution: stop making the car OS connected to the Net, and keep those systems totally separate.
My usual comments... networked car not good idea (Score:2)
I started out admiring disruptive tech. As the years rolled on, I noted that computation and networking were no longer under our control; we've no choice in how we are connected, nor to which computers we use, for instance in cases such as these. The motivation for change is to make more money, first, and next to improve surveillance and control. Convenience is just a by-product.
I see no reason to not-use a key to open my door. At least the thief has to be physically present to break into a mechanical locke
open network better than ATT only with very high r (Score:1)
Open network better than ATT only with very high roaming fees. Fees so high that 50MB is about $1000, so 1-2 GB can cost you as much as a NEW CAR.
Woody Allen spot on (Score:1)
The old VW bug in Sleeper is more realistic than I ever thought. Anything with a chip in it may be useless in the future as databases of hacks and back-doors build up over time.