48i Bargain Corner Low Miles 4 Dr Suv Automatic Gasoline 4.8l Dohc 32-valve V8 I on 2040-cars

Auto blog

BMW's Connected Drive feature vulnerable to hackers

BMW is working to fix a cyber-security flaw that has left 2.2 million vehicles worldwide vulnerable to hackers. Cars equipped with the automaker's Connected Drive remote-services system are affected, according to the German Automobile Association (ADAC), which first discovered the problem. Researchers found they could lock and unlock car doors by mimicking mobile communications and sending phony signals to a SIM card installed in affected vehicles. An attack could be launched "within minutes" of accessing the system without the perpetrators leaving a trace, according to their report, in part because once they had gained access to the network, the communications were not secure. In response to the security gap, BMW says it has been upgrading software via over-the-air updates over the past week, so no visits to dealerships are needed to remedy the security hole. In fact, owners of affected cars may not have even noticed the updates taking place. The problem affects BMW, Rolls-Royce and MINI vehicles equipped with Connected Drive since 2010. Flaws were first reported to BMW last year by ADAC, which is the country's equivalent of AAA. ADAC says it withheld a public announcement until the car company could address the problem. While BMW has pushed the software patch to most affected vehicles, the organization said it's possible some at cars in the United States had not yet been updated. BMW did not respond to a request for comment Monday. In a written statement, the automaker said it knows of no real-world breaches. 2015 Off To Dubious Start The hack could raise the eyebrows of industry leaders: Cars are now the equivalent of mobile computers and cyber-security experts have been warning that the auto industry has been slow to close its security holes. BMW's breach marks the second time in 2015 that researchers have found a popular automotive feature with little or no security precautions. Last month, experts said a popular device made by Progressive Insurance that allows motorists to track their driving habits contained no security whatsoever. Like the Connected Drive smart-phone app, many automotive components and infotainment features were conceived and produced at a time when industry executives never considered the possibility someone might want to hack into them. But increased connectivity brings increased risk. Going forward, BMW says its Connected Drive features will now operate by using encrypted communications via the HTTPS protocol.

Are future vehicular hacks inevitable?

Before the hack of the Uconnect system in a Jeep Cherokee resulted in a 1.4-million vehicle recall, the potential software vulnerabilities in vehicles were already a hot topic with Congressional inquiries and even proposed legislation in the US. As cars' interconnected systems gain the ability to go online, they become open to a host of new threats. Automakers are trying to stop this, but it might be too late to put the genie back into the bottle. Throughout 2015, the issue of software security in vehicles has become increasingly vital. For example, the recent Jeep case wasn't even the biggest hack this year. In February, a major flaw was discovered in the BMW Connected Drive service that allowed researchers to remotely lock and unlock the doors and potentially affected 2.2 million cars. The fix was an over-the-air patch for the problem. Automakers are actively working to fix the issues. Mercedes-Benz, BMW, and Audi reportedly are using encrypted connections and firewalls in their vehicles to prevent hacking. "Absolute, 100-percent safety isn't possible," Daimler spokesperson Benjamin Oberkersch said to Automotive News Europe. "But we develop our systems, tested by internal and external experts, so they're up to date." These vulnerabilities seem to be popping up more often. A successful hack took $14 in parts from Radio Shack in one case. There was also a 60 Minutes report earlier in the year about DARPA's ability to hack into OnStar to take control of a Chevrolet Impala. Experts aren't so sure companies can contend with hackers' advancement. "The difficulty for the carmakers at the moment is the question whether they can keep pace with advances in technology, and especially hacking technology," Rainer Scholz, executive director for telematics consultant EY, said to Automotive News Europe. "We seriously doubt they can." At this point, vehicle hacks are coming more from researchers looking for holes than from those with malicious intent. Still, the vulnerabilities are definitely there. It's up to automakers to keep patching the problems before they become dangerous to drivers. Related Video: News Source: Automotive News Europe - sub. req.Image Credit: Bill O'Leary / The Washington Post via Getty Images Audi BMW Jeep Mercedes-Benz Safety Technology Emerging Technologies hacking cyber security

BMW i5 could get Toyota-sourced hydrogen power

It's starting to feel like the automotive landscape is right on the cusp of a boom in hydrogen-fueled vehicles. After all, the Toyota FCV is nearly ready, Volkswagen is readying a fuel cell concept for this week's Los Angeles Auto Show and Hyundai already sells its Tucson Fuel Cell. The next big name to add to that list might be BMW, as the company's co-development deal with Toyota starts to bear fruit.
According to Autocar, BMW may use a version of the fuel cell system from the Toyota FCV in the future i5. As part of its eco-oriented i sub-brand, the i5 is expected to be a stretched version of the i3 (pictured above) with extra rear legroom and cargo space. It's unclear at the moment whether a battery-powered pure electric powertrain will also be available. If accurate, then the rumor could give the Bavarian brand a counterattack against Mercedes-Benz' planned fuel cell vehicle in 2017.
BMW and Toyota first signed the memorandum of understanding to co-develop fuel cells, lightweight technology and a sports car back in 2012, and they made the arrangement official in late 2013. So far, few details on the progress of the work have been disclosed, but the performance model has been rumored to use a front-engine, all-wheel drive layout with supercapacitors.