BMW’s ConnectedDrive Cyber Security Flaw

BMW’s ConnectedDrive Cyber Security Flaw

Table of contents

What’s the news? 

Researchers working for the German Automotive Association (ADAC) found these vulnerabilities and were able to remotely attack BMW cars. This was reported to BMW in a responsible disclosure manner, and the company announced it fixed the problem and upgraded its software remotely Over The Air.

What does it mean?

In this case no passengers were harmed and a massive cyber recall was luckily prevented. The affected services and the associated impact included the following:

  1. Remote Services: Unauthorized execution of remote functions such as unlocking the car doors.
  2. Real Time Traffic Information (RTTI): Eavesdropping to current vehicle locations and speeds driven.
  3. BMW Online: Remote monitoring of e-mail correspondence.
  4. Intelligent Emergency Call: Emergency call numbers could be changed.

PlaxidityX IPS – Prevention is better than cure

Had the PlaxidityX Intrusion Prevention System (IPS) been installed in these vehicles, this unfortunate event would have averted in the first place. The IPS would have detected and blocked this kind of attacks, and it would have notified the car manufacturer in real-time that the attempts were carried out.

For example, the PlaxidityX Secure Remote Access feature, based on our proprietary digital signature mechanism, would have prevented an attacker from unlocking the car doors.  Furthermore, Argus’ Cyber Security Vulnerability Assessment Services, which include Red Team penetration testing, architecture design review and code review, would have pointed out these vulnerabilities in their inception.

 

Ready to See Plaxidityx in Action?

“We chose PlaxidityX based on its proven experience, knowledge, methodology, and expertise..PlaxidityX’s ability to complete and submit in an extremely short time with top quality results, was critical for meeting our business goals”

Emrah Duman

“PlaxidityXs’ comprehensive suite of cyber security solutions and its outstanding array of strategic technological partnerships have contributed to the company’s leadership position”

Dorothy Amy

“The partnership with PlaxidityX enables our customers to perform cybersecurity testing on our established test platforms ..We are excited to partner with a strong and experienced cybersecurity service provider such as PlaxidityX”

Dr. Herbert Schütte

“By combining PlaxidityX’s expertise in securing connected vehicles with Microsoft’s Azure AI capabilities, we have a unique opportunity to accelerate ‘shift left’ security innovations across the entire automotive sector..”

Dominik Wee

“PlaxidityX is a key pillar of Continental’s SDV strategy, enabling Continental to implement a security-by-design approach. As automotive cyber security moves to the cloud, PlaxidityX’ cutting-edge technologies and proven VSOC capabilities position us advantageously to meet our customers’ future needs”

Gilles Mabire

Learn how we bring peace of mind for millions of drivers