Beemer, Open Thyself! – Security vulnerabilities in BMW's ConnectedDrive

[vbalazs]

Hi, I thought it would be worth sharing and talking about this:

http://www.heise.de/ct/artikel/Beemer-Open-Thyself-Security-vulnerabilities-in-BMW-s-ConnectedDrive-2540957.html

Cars with built-in modems are sending data to their manufacturers – German motorist's club ADAC wanted to know what exactly gets sent. c't connected ADAC with a specialist who analysed the data transmissions, using the example of BMW's ConnectedDrive technology. He discovered security vulnerabilities that even allow unauthorised attackers to open the vehicles.

We know that if something is connected to outside world, it can be hacked. But it looks like they didn't even care. 

Anyway, nice reverse engineering and documentation that's for sure

[Rerouter]

I'm half certain there was a similar story about a prius or similar hybrid smart car where you could spam the accelerator value on the can bus via some wireless vulnerability, the brake may have still worked, but i would not imagine many would know how to respond, (the brake is more powerful than the motor for anyone curious)

[wagon]

Skynet.....

[max_torque]

Sorry to spoil the party, but it's largely irrelevant!

I can "get into your car" with nothing more complex than a house brick (or a small piece of a spark plug ceramic insulator....) in less than 5 secs.


Why i would want to spend a huge amount of time an effort to "hack" my way in i have no idea??

[nctnico]

No damage and no car alarm going off? 

[pickle9000]

No info on making the vehicle drivable in the article. Still, if car theft was the game making new keys would require computer access.

[n45048]

Certainly in Australia there has been a dramatic decrease in theft of newer cars using "traditional" methods (hot wiring, ECU manipulation etc...) but an increase in break and enter offences. Lots of crooks have taken a liking to breaking into your house and stealing your car keys along with your car (how many of you keep your keys at the front door or in a bowl in the living area/kitchen?).

Remote unlocking of cars has been possible for quite a while; Volkswagen comes to mind. NRMA (one of the roadside assistance companies in Australia) have been able to do this for years. But they still cannot start the vehicle without the proper key as far as I know.

[Yago]

Sorry to spoil the party, but it's largely irrelevant!

I can "get into your car" with nothing more complex than a house brick (or a small piece of a spark plug ceramic insulator....) in less than 5 secs.


Why i would want to spend a huge amount of time an effort to "hack" my way in i have no idea??

Unlock at red lights and carjack?

[dannyf]

Beemer, ... BMW's

Is it really a "beemer"?

[baljemmett]

Beemer, ... BMW's

Is it really a "beemer"?

For some reason, some BMW fans seem to use 'beemer' for the bikes and 'bimmer' for the cars.  Peculiar; I avoid the distinction by only using the diminutive when speaking...

[SeanB]

The one car where most seem to have a very rare option in the original purpose, indicators. As well, even though the vehicles have had it since at least the 1970's as standard, they are the most common vehicles driven with non working brake lights or headlights.

[FreddyVictor]

No damage and no car alarm going off? 

even worse, up until a year or so ago, once thief had access to OBD port, they could program a blank key and simply drive away 

was a long thread on uk forum where it was almost a daily post from someone saying they woke up to find their vehicle gone

[n45048]

I can "get into your car" with nothing more complex than a house brick (or a small piece of a spark plug ceramic insulator....) in less than 5 secs.


Why i would want to spend a huge amount of time an effort to "hack" my way in i have no idea??

Because then you would get away with it. Say you use the jamming technique where you simply jam the victim's keyfob as they walk away and press the lock button. They fail to notice that the car didn't really lock. Once out of sight you simply wait a few minutes, then walk up to the car, open it normally and within a few minutes have made a duplicate key and can drive off quietly as if you were the real owner. No obvious signs of a crime being committed, no-one calling the police, and you have a nice undamaged car to sell.

I'm pretty sure the owner will be calling the Police the moment they realise their vehicle has been stolen. This also largely prevents it being resold.

[mikeselectricstuff]

I'm pretty sure the owner will be calling the Police the moment they realise their vehicle has been stolen. This also largely prevents it being resold.

Except if it ends up in a container to country unknown
Or broken for spares
Or given a new identity

[jlmoon]

I can "get into your car" with nothing more complex than a house brick (or a small piece of a spark plug ceramic insulator....) in less than 5 secs.


Why i would want to spend a huge amount of time an effort to "hack" my way in i have no idea??

Because then you would get away with it. Say you use the jamming technique where you simply jam the victim's keyfob as they walk away and press the lock button. They fail to notice that the car didn't really lock. Once out of sight you simply wait a few minutes, then walk up to the car, open it normally and within a few minutes have made a duplicate key and can drive off quietly as if you were the real owner. No obvious signs of a crime being committed, no-one calling the police, and you have a nice undamaged car to sell.

nice undamaged car to sell

You left out one important detail... Pretty hard to sell a car without a Clear Title.

[tom66]

You left out one important detail... Pretty hard to sell a car without a Clear Title.

Plenty of people who will buy one unknowingly or knowingly with the ability to forge documents or remove security information.