[BXL4]

I have a H/K radio in my 328i so this caught my eye. Anyone know more about possible implications for BMWs?

http://www.bloomberg.com/news/articl...rable-to-hacks

[Golden Arrow]

I think HK provides the speakers for BMW, but not any software for iDrive.

[613Bimmer]

Quote:

Harman Kardon’s website shows it provides sound systems for automobiles including BMW, Subaru, and Mercedes-Benz, as well to Fiat Chrysler.

^Bloomberg said that they make sound systems for other cars but afaik, just like Golden Arrow said, BMW makes their own iDrive system using components from Bosch I believe.

[Tim@codemybimmer]

The head units (CIC/NBT) are manufactured by Harman/Becker which is also under Harman International. Not that it means it's related in any way to the Fiat/Chrysler recall - completely different hardware and software involved.

[RoundelM3]

I'd wager that if your car doesn't have any internet connectivity, you're likely not affected. The bluetooth connectivity has no connection into other modules that could affect your instrumentation or other systems. I've read other articles about the Fiat/Chrysler problem, and it's apparent that their system is not very secure.

[BXL4]

With the emergency call button, every BMW has internet connectivity, at least technically. I don't think it is a problem either but hackers can be crazy clever so I thought I'd start this thread to get the pooled wisdom.

[otay]

I thought of iDrive when I saw the Fiat/Chrysler Uconnect hacking news. I'm assuming internet connectivity is always on because you can do things like turn on the Auxiliary Ventilation remotely.

[Thumper333]

Another reason to pump the breaks on automated cars (in addition to many others). Forget changing your radio stations, wait until hackers are able to steer you off a bridge.

Quote:

Originally Posted by BXL4

With the emergency call button, every BMW has internet connectivity, at least technically. I don't think it is a problem either but hackers can be crazy clever so I thought I'd start this thread to get the pooled wisdom.

Pretty sure that is a cell/GPS signal, not "internet". And doubtful there's enough inter-connectivity to allow a hacker access to any system and make changes. Those programs to send data to BMW on the car status are read-only.

As to Bluetooth, I would be cautious, if the car is in "discovery" mode there have been hackers known to access cellphones in that state.

[otay]

Quote:

Originally Posted by Thumper333

Another reason to pump the breaks on automated cars (in addition to many others). Forget changing your radio stations, wait until hackers are able to steer you off a bridge.



Pretty sure that is a cell/GPS signal, not "internet". And doubtful there's enough inter-connectivity to allow a hacker access to any system and make changes. Those programs to send data to BMW on the car status are read-only.

As to Bluetooth, I would be cautious, if the car is in "discovery" mode there have been hackers known to access cellphones in that state.

It's definitely more than read-only. You can lock/unlock, turn on fan, sound horn, etc...right from your iPhone. Let's hope it's more secure than Uconnect.

[PennSt8]

Quote:

Originally Posted by otay

It's definitely more than read-only. You can lock/unlock, turn on fan, sound horn, etc...right from your iPhone. Let's hope it's more secure than Uconnect.

Wait, BMW enabled the remote unlock function in the US?

[Thumper333]

Quote:

Originally Posted by otay

It's definitely more than read-only. You can lock/unlock, turn on fan, sound horn, etc...right from your iPhone. Let's hope it's more secure than Uconnect.

True, I was limiting my thinking to the SOS feature mentioned, but you are correct. Except that I can't do any of that from my iPhone because I don't have one. Could probably do it from my Droid Turbo though....or any smart enabled phone really.

[pz619]

Quote:

Originally Posted by PennSt8

Wait, BMW enabled the remote unlock function in the US?

Not from the app itself, but the functionality still exists. The only difference is that BMW USA sends the command to the car after you go through their vetting process.

[otay]

Quote:

Originally Posted by PennSt8

Wait, BMW enabled the remote unlock function in the US?

Well, I've not needed to try that. I've locked it remotely a couple times and sent the Aux Fan to turn on just about every work day this summer.

I'll try it later today.

[otay]

Quote:

Originally Posted by PennSt8

Wait, BMW enabled the remote unlock function in the US?

Nope...

[timmahh]

ConnectedDrive was updated in the last few months, OTA, to resolve a potential security breach. Previously the communication sessions were via http, aka plain old not encrypted sessions. The vulnerability was brought up to BMW and it was patched. No dealership visit required. All remote functionality now takes place via https/ssl encrypted sessions.


More info: http://f30.bimmerpost.com/forums/sho....php?t=1085588

[otay]

Quote:

Originally Posted by timmahh

ConnectedDrive was updated in the last few months, OTA, to resolve a potential security breach. Previously the communication sessions were via http, aka plain old not encrypted sessions. The vulnerability was brought up to BMW and it was patched. No dealership visit required. All remote functionality now takes place via https/ssl encrypted sessions.


More info: http://f30.bimmerpost.com/forums/sho....php?t=1085588

Thanks. Good news in that at least BMW is paying attention...

[otay]

Hmmm. Looks like the Remote app needs an update, too...?


http://www.roadandtrack.com/new-cars...o-car-hacking/


The remote app had a problem for me a couple days ago...got stuck with the "sending to car" message, so I uninstalled it from the phone, then was going to re-install to see if it fixed the problem. That time it never did turn on the fan.

Maybe I'll wait a bit before re-installing....

[claykin]

Quote:

Originally Posted by timmahh

. All remote functionality now takes place via https/ssl encrypted sessions.

Lets hope BMW (or their software subcontractor) truly understands Internet security and that they implemented this new SSL connectivity properly.

[G30 B58]

Quote:

Originally Posted by otay

Hmmm. Looks like the Remote app needs an update, too...?


http://www.roadandtrack.com/new-cars...o-car-hacking/


The remote app had a problem for me a couple days ago...got stuck with the "sending to car" message, so I uninstalled it from the phone, then was going to re-install to see if it fixed the problem. That time it never did turn on the fan.

Maybe I'll wait a bit before re-installing....

Quote:

the exploit involves planting a small, home-built device on the target vehicle.

I'm not gonna worry too much about our 435.

[otay]

Quote:

Originally Posted by F32 N55

I'm not gonna worry too much about our 435.

True, I'm not worried too much either, but do want to hear how this issue will be addressed before I use the app again.

[fecurtis]

Quote:

Originally Posted by PennSt8

Wait, BMW enabled the remote unlock function in the US?

Yeah, but the app contacts BMWNA to verify you're the owner before actually unlocking the car.

[RoundelM3]

If you don't have the "connected" apps, they aren't going to be able to hack your car. It requires a different "head unit" on the audio system such as the one you get when you order Navigation. The emergency call feature is a satellite-based voice communications setup, but that's pretty much all it is. As far as Bluetooth, all it will do is connect to a phone device. I tried to make it work with my Android tablet and it would not even discover it; not sure even "enhanced Bluetooth" would allow it to pair and output the sound through the audio system.