M3 Coupe Certified Free Maintenance Until 100k Tech Nav Navigation Premium Sound on 2040-cars

Auto blog

BMW's Connected Drive feature vulnerable to hackers

BMW is working to fix a cyber-security flaw that has left 2.2 million vehicles worldwide vulnerable to hackers. Cars equipped with the automaker's Connected Drive remote-services system are affected, according to the German Automobile Association (ADAC), which first discovered the problem. Researchers found they could lock and unlock car doors by mimicking mobile communications and sending phony signals to a SIM card installed in affected vehicles. An attack could be launched "within minutes" of accessing the system without the perpetrators leaving a trace, according to their report, in part because once they had gained access to the network, the communications were not secure. In response to the security gap, BMW says it has been upgrading software via over-the-air updates over the past week, so no visits to dealerships are needed to remedy the security hole. In fact, owners of affected cars may not have even noticed the updates taking place. The problem affects BMW, Rolls-Royce and MINI vehicles equipped with Connected Drive since 2010. Flaws were first reported to BMW last year by ADAC, which is the country's equivalent of AAA. ADAC says it withheld a public announcement until the car company could address the problem. While BMW has pushed the software patch to most affected vehicles, the organization said it's possible some at cars in the United States had not yet been updated. BMW did not respond to a request for comment Monday. In a written statement, the automaker said it knows of no real-world breaches. 2015 Off To Dubious Start The hack could raise the eyebrows of industry leaders: Cars are now the equivalent of mobile computers and cyber-security experts have been warning that the auto industry has been slow to close its security holes. BMW's breach marks the second time in 2015 that researchers have found a popular automotive feature with little or no security precautions. Last month, experts said a popular device made by Progressive Insurance that allows motorists to track their driving habits contained no security whatsoever. Like the Connected Drive smart-phone app, many automotive components and infotainment features were conceived and produced at a time when industry executives never considered the possibility someone might want to hack into them. But increased connectivity brings increased risk. Going forward, BMW says its Connected Drive features will now operate by using encrypted communications via the HTTPS protocol.

BMW brings first diesel 7 Series to US with $82,500* 740Ld xDrive

After almost 40 years on the market, there are probably few things the BMW 7 Series hasn't offered, but when it comes to the US market, one of those things just happens to be a diesel engine. That is all about to change, however, as BMW announced that it will unveil the 2014 740Ld xDrive at the Chicago Auto Show before sales commence later in the spring.
Offered only on long-wheelbase models with standard all-wheel drive, the new diesel 7 is powered by BMW's 3.0-liter inline-six producing 255 horsepower and a stout 413 pound-feet of torque peaking between 1,500 and 3,000 rpm. While BMW has yet to release any type of fuel economy figures, it did say that its diesel technology is usually good for an improvement of 25 to 30 percent over the gas models - just for fun, that means that the 740 Ld xDrive could get as much as 24.7 miles per gallon in the city and 36.4 mpg on the highway, but that's just doing the math and there is nothing official behind those numbers. Acceleration will take a little longer than in the 740Li xDrive (shown above) with BMW stating 6.1 seconds from 0-60 compared to 5.4 seconds for the gas model.
Another small increase over the gas version will be in price, with the 740Ld xDrive getting a starting MSRP of $82,500 (*not including $925 for destination), which is just a $1,500 bump over the 740Li xDrive. For comparison, the Audi A8L TDI starts at $78,800, while the previous-gen Mercedes S350 Bluetec was priced at $93,000. Scroll down for more info on the new diesel-powered 7 Series, and stay tuned to our live coverage from Chicago in a couple weeks as we'll have live images and hopefully more info.

BMW Hack: the auto industry's big cyber-security warning sign [w/video]

A cyber-security hole that left more than two million BMWs vulnerable may be the most serious breach the auto industry has faced in its emerging fight against car hackers. Security experts are not only concerned that researchers found weaknesses inside the company's Connected Drive remote-services system. They're worried about how the hackers gained entry. German researchers spoofed a cell-phone station and sent fake messages to a SIM card within a BMW's telematics system. Once inside, they locked and unlocked car doors. Other researchers have demonstrated it's possible to hack into a car and control its critical functions, but what separates this latest exploit from others is that it was conducted remotely. In an industry that's just coming to grips with the security threats posed by connectivity in cars, the possibility of a remote breach has been an ominous prospect. The fact it has now occurred may mean a landmark threshold has been crossed. "It's as close as I've seen to a genuine, remote attack on telematics," said Mike Parris, head of the secure car division at SBD, a UK-based automotive technology consulting company. "At this point, the OEMs are trying to play a game of catch up." Previous researchers in the automotive cyber-security field have launched remote attacks that are similar in nature, though not the same. In 2010, academics at California-San Diego and the University of Washington demonstrated they could remotely control essential functions of a car, but they needed to be within close proximity of the vehicle. In November 2014, researchers at Argus Cyber Security remotely hacked cars with an aftermarket device called a Zubie plugged into their diagnostic ports. But the remote attack was predicated on the Zubie dongle having physically been installed in the car. With the BMW hack, researchers compromised the car without needing physical access or proximity. The German Automobile Association, whose researchers conducted the BMW study, said it infiltrated the system "within minutes" and left undetected, a feat that raises the possibility that a hacker could do the same in a real-world scenario. Messages Were Sent Unencrypted Security analysts described the BMW infiltration as a "man in the middle" attack. Researchers mimicked a cellular base station and captured traffic between the car and the BMW Connected Drive service, which drivers can access and control via an app on their cell phones.