Clean Carfax One Owner Loaded Warranty Dealer Inspected Sport Premium Navigation on 2040-cars

Auto blog

BMW Hack: the auto industry's big cyber-security warning sign [w/video]

A cyber-security hole that left more than two million BMWs vulnerable may be the most serious breach the auto industry has faced in its emerging fight against car hackers. Security experts are not only concerned that researchers found weaknesses inside the company's Connected Drive remote-services system. They're worried about how the hackers gained entry. German researchers spoofed a cell-phone station and sent fake messages to a SIM card within a BMW's telematics system. Once inside, they locked and unlocked car doors. Other researchers have demonstrated it's possible to hack into a car and control its critical functions, but what separates this latest exploit from others is that it was conducted remotely. In an industry that's just coming to grips with the security threats posed by connectivity in cars, the possibility of a remote breach has been an ominous prospect. The fact it has now occurred may mean a landmark threshold has been crossed. "It's as close as I've seen to a genuine, remote attack on telematics," said Mike Parris, head of the secure car division at SBD, a UK-based automotive technology consulting company. "At this point, the OEMs are trying to play a game of catch up." Previous researchers in the automotive cyber-security field have launched remote attacks that are similar in nature, though not the same. In 2010, academics at California-San Diego and the University of Washington demonstrated they could remotely control essential functions of a car, but they needed to be within close proximity of the vehicle. In November 2014, researchers at Argus Cyber Security remotely hacked cars with an aftermarket device called a Zubie plugged into their diagnostic ports. But the remote attack was predicated on the Zubie dongle having physically been installed in the car. With the BMW hack, researchers compromised the car without needing physical access or proximity. The German Automobile Association, whose researchers conducted the BMW study, said it infiltrated the system "within minutes" and left undetected, a feat that raises the possibility that a hacker could do the same in a real-world scenario. Messages Were Sent Unencrypted Security analysts described the BMW infiltration as a "man in the middle" attack. Researchers mimicked a cellular base station and captured traffic between the car and the BMW Connected Drive service, which drivers can access and control via an app on their cell phones.

2023 J.D. Power APEAL Study shows new-car customer satisfaction scores slip

J.D. Power survey results have been slightly up but mostly down for automakers this year, literally. In February, the 2023 Vehicle Dependability Study showed an overall decline compared the 2022 a month before the Customer Service Index Study did the same. The trend reversed in June with a better overall score on the 2023 U.S. Electric Vehicle Consideration Study than in 2022, then declined again the same month on with a lower overall score on the 2023 Initial Quality Study. The declines continue with the 2023 J.D. Power U.S. Automotive Performance, Execution and Layout (APEAL) Study, overall satisfaction among the 84,555 respondents down two points overall compared to 2022, to 845 out of 1,000 points. Because last year's score dropped compared to 2021, this year marks the first consecutive decline in the study's 28-year history. The study tries to "[measure] owners' emotional attachment and level of excitement with new vehicle" after 90 days of ownership by asking new owners to rate 37 attributes in 10 areas around the vehicle, such as the feeling they get when they hit the accelerator. Satisfaction with nine of the attributes is down this year versus last, fuel economy the only segment to show better results with 15 points more satisfaction. Styling and infotainment are big drags on satisfaction. Responses to new car exterior looks tallied 888 points, down from 894 last year, the largest drop in this year's study. On the digital side, less than half of those surveyed this year said they prefer using a manufacturer's built-in infotainment. From 70% of respondents in 2020 preferring to use a manufacturer's in-house software to play audio instead of Android Auto or Apple CarPlay, that's 56% in 2023. Going all-in on Google appears to have the best effect. J.D. Power said that vehicles with both Google's Android Automotive Operating System (AAOS) and Google Automotive Services (GAS) "score higher in the infotainment category than those with no AAOS whatsoever. AAOS without GAS receives the lowest scores for infotainment of the three categories."  Frank Hanley, senior director of auto benchmarking at J.D. Power, said, "Despite the technology and design innovations that manufacturers put into new vehicles, owners are lukewarm about them. While innovations like charging pads, vehicle apps and advanced audio features should enhance an owner’s experience, this is not the case when problems are experienced.

Did BMW drag its feet on Mini recall?

The National Highway Traffic Safety Administration is opening an investigation into BMW's reporting of a recall for 30,456 examples of the 2014-2015 Mini Cooper Hardtop, Cooper S, and the 2015 John Cooper Works. According to the government, "it appears from a review of NHTSA's databases that BMW may have failed to submit recall communications to NHTSA in a timely manner." The automaker issued the recall in July because crash tests showed the models didn't meet side impact requirements for passengers in the back seat. While there were no reported injuries at the time, the company decided to install energy-absorbing material in the space between the rear interior panels and the exterior. However, NHTSA has decided to investigate whether this campaign should have started much earlier, given the evidence the company had. According to the government's report, the Cooper Hardtop failed side-impact tests in 2014, although one of these tests was five-miles-per-hour faster than the Federal Motor Vehicle Safety Standard. The agency claims: "In January 2015 BMW verbally committed that it would conduct a service campaign to add padding to the rear side panels of MY 2015 Mini 2 Door Hardtop Cooper models. However, BMW did not initiate the service campaign and failed to inform NHTSA of its failure to do so." A subsequent crash test of an example with this fix showed it to make the vehicle compliant with the rules. Mini spokesperson Mariella Kapsaskis told Autoblog: "Regarding the NHTSA audit query, BMW Group is evaluating the request and will respond to NHTSA as appropriate." INVESTIGATION Subject : BMW Reporting & Timely Recall Execution Date Investigation Opened: SEP 24, 2015 Date Investigation Closed: Open NHTSA Action Number: AQ15004 Component(s): STRUCTURE All Products Associated with this Investigation Vehicle Make Model Model Year(s) MINI COOPER 2014-2015 MINI COOPER S 2014-2015 MINI JOHN COOPER WORKS 2015 Details Manufacturer: BMW of North America, LLC SUMMARY: NHTSA is opening this AQ to better understand and evaluate BMW's process(es) for its notification procedures and for timely and efficient execution of its safety recall campaigns. In mid-2014, NHTSA's New Car Assessment Program (NCAP) had side impact moving deformable barrier (MDB) tests performed on two model year (MY) 2014 Mini 2 Door Hardtop Coopers. These two tests were performed at a speed 5 mph higher than required by Federal Motor Vehicle Safety Standard (FMVSS) 214, Side impact protection.