F30POST
F30POST
2012-2015 BMW 3-Series and 4-Series Forum
BMW Garage BMW Meets Register Search Today's Posts Mark Forums Read
BMW 3-Series and 4-Series Forum (F30 / F32) | F30POST > 2012-2019 BMW 3 and 4-Series Forums > General F30 Sedan / F32 Coupe / F36 Gran Coupe Forum > Recall for hackable radio!?
European Auto Source
Post Reply
 
Thread Tools Search this Thread
      08-02-2015, 10:09 AM   #1
BXL4
Second Lieutenant
United_States
17
Rep
243
Posts

Drives: 2015 328i Alpine White
Join Date: Jan 2012
Location: Bainbridge Island WA

iTrader: (0)

Recall for hackable radio!?

BIMMERPOST
     Featured on BIMMERPOST.com
I have a H/K radio in my 328i so this caught my eye. Anyone know more about possible implications for BMWs?

http://www.bloomberg.com/news/articl...rable-to-hacks
Appreciate 0
      08-02-2015, 01:16 PM   #2
Golden Arrow
Lieutenant
Golden Arrow's Avatar
United_States
91
Rep
521
Posts

Drives: F30 335i
Join Date: May 2014
Location: USA

iTrader: (0)

I think HK provides the speakers for BMW, but not any software for iDrive.
__________________
2013 335i
2004 330ci
2003 330xi (Forever in my heart )
Appreciate 0
      08-02-2015, 03:06 PM   #3
613Bimmer
First Lieutenant
613Bimmer's Avatar
Canada
52
Rep
370
Posts

Drives: One car with good steering ;)
Join Date: Nov 2013
Location: Ontario, Canada

iTrader: (0)

Garage List
Quote:
Harman Kardon’s website shows it provides sound systems for automobiles including BMW, Subaru, and Mercedes-Benz, as well to Fiat Chrysler.
^Bloomberg said that they make sound systems for other cars but afaik, just like Golden Arrow said, BMW makes their own iDrive system using components from Bosch I believe.
__________________
2014 435i XDrive|Premium|Executive|MPerf 1 &2|AW on BD|DHP|Connected Drive|Adaptive LED|Gloss Black Grilles|
2013 535i XDrive M-Sport|Dark Graphite Metallic|Black Dakota|Executive|Premium|BMW Apps|
2001 E46 330i|Premium Package|Cold Weather Package|5AT|Tit. Silver on Black|Koni Yellow & H&R Sport|Style 342|
Appreciate 0
      08-02-2015, 05:22 PM   #4
Timbits93
Lieutenant
Canada
72
Rep
501
Posts

Drives: 2015 BMW 328i xDrive M-Sport
Join Date: Sep 2013
Location: Vancouver, BC

iTrader: (1)

The head units (CIC/NBT) are manufactured by Harman/Becker which is also under Harman International. Not that it means it's related in any way to the Fiat/Chrysler recall - completely different hardware and software involved.
__________________
Present 2015 BMW 328i xDrive M-Sport in Mineral Gray/Coral Red - Premium/Executive/Park Assistant/ConnectedDrive Services/400M/MPE/LCI Centre Console/Rear Fogs Enabled

Past 2013 BMW 328i xDrive Sport Line in Havanna - 47,900km
Past 2007 Infiniti G35S in Black Obsidian - 105,250km
Appreciate 0
      08-03-2015, 08:39 AM   #5
roundel335
Brigadier General
roundel335's Avatar
United_States
251
Rep
4,702
Posts

Drives: 13 335i Sedan, 16 228i Cabrio
Join Date: Apr 2010
Location: Leland, NC

iTrader: (2)

Garage List
I'd wager that if your car doesn't have any internet connectivity, you're likely not affected. The bluetooth connectivity has no connection into other modules that could affect your instrumentation or other systems. I've read other articles about the Fiat/Chrysler problem, and it's apparent that their system is not very secure.
__________________

2013 F30 335i M-Sport 8AT/MPE/MPPK, 2016 228i M-Sport Cabrio 8AT
Appreciate 0
      08-03-2015, 11:11 AM   #6
BXL4
Second Lieutenant
United_States
17
Rep
243
Posts

Drives: 2015 328i Alpine White
Join Date: Jan 2012
Location: Bainbridge Island WA

iTrader: (0)

With the emergency call button, every BMW has internet connectivity, at least technically. I don't think it is a problem either but hackers can be crazy clever so I thought I'd start this thread to get the pooled wisdom.
Appreciate 0
      08-03-2015, 12:11 PM   #7
otay
Second Lieutenant
United_States
54
Rep
280
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

I thought of iDrive when I saw the Fiat/Chrysler Uconnect hacking news. I'm assuming internet connectivity is always on because you can do things like turn on the Auxiliary Ventilation remotely.
__________________
_______________________________
2014 335i |Sportline|Premium|HK|Driver Assist|8AT|Mineral Grey|Coral Red
Appreciate 0
      08-03-2015, 12:17 PM   #8
Thumper333
Captain
Thumper333's Avatar
193
Rep
691
Posts

Drives: 2015 328dX M-Sport
Join Date: Jan 2015
Location: Colorado

iTrader: (0)

Another reason to pump the breaks on automated cars (in addition to many others). Forget changing your radio stations, wait until hackers are able to steer you off a bridge.

Quote:
Originally Posted by BXL4 View Post
With the emergency call button, every BMW has internet connectivity, at least technically. I don't think it is a problem either but hackers can be crazy clever so I thought I'd start this thread to get the pooled wisdom.
Pretty sure that is a cell/GPS signal, not "internet". And doubtful there's enough inter-connectivity to allow a hacker access to any system and make changes. Those programs to send data to BMW on the car status are read-only.

As to Bluetooth, I would be cautious, if the car is in "discovery" mode there have been hackers known to access cellphones in that state.
__________________
2015 328d X-Drive Touring Alpine White M-Sport | DHP w/Dinan Shockware | Chipwerke PRO power module
2015 Audi S4 Sepang Blue P+ | DSG | Tech Package | Adaptive Suspension | B&O
2015 Audi S3 Misano Red | 19" Sport pack w/Mag Ride | B&O
1983 Porsche 944 All stock
Appreciate 0
      08-03-2015, 12:23 PM   #9
otay
Second Lieutenant
United_States
54
Rep
280
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

Quote:
Originally Posted by Thumper333 View Post
Another reason to pump the breaks on automated cars (in addition to many others). Forget changing your radio stations, wait until hackers are able to steer you off a bridge.



Pretty sure that is a cell/GPS signal, not "internet". And doubtful there's enough inter-connectivity to allow a hacker access to any system and make changes. Those programs to send data to BMW on the car status are read-only.

As to Bluetooth, I would be cautious, if the car is in "discovery" mode there have been hackers known to access cellphones in that state.
It's definitely more than read-only. You can lock/unlock, turn on fan, sound horn, etc...right from your iPhone. Let's hope it's more secure than Uconnect.
__________________
_______________________________
2014 335i |Sportline|Premium|HK|Driver Assist|8AT|Mineral Grey|Coral Red
Appreciate 0
      08-03-2015, 02:26 PM   #10
PennSt8
Private First Class
United_States
30
Rep
152
Posts

Drives: 2015 428i Gran Coupe / 2014 X5
Join Date: Jan 2015
Location: West Hollywood, CA

iTrader: (0)

Garage List
Quote:
Originally Posted by otay View Post
It's definitely more than read-only. You can lock/unlock, turn on fan, sound horn, etc...right from your iPhone. Let's hope it's more secure than Uconnect.
Wait, BMW enabled the remote unlock function in the US?
__________________


2015 428i Gran Coupe M-Sport
2014 X5 sDrive M-Sport
Appreciate 0
      08-03-2015, 02:50 PM   #11
Thumper333
Captain
Thumper333's Avatar
193
Rep
691
Posts

Drives: 2015 328dX M-Sport
Join Date: Jan 2015
Location: Colorado

iTrader: (0)

Quote:
Originally Posted by otay View Post
It's definitely more than read-only. You can lock/unlock, turn on fan, sound horn, etc...right from your iPhone. Let's hope it's more secure than Uconnect.
True, I was limiting my thinking to the SOS feature mentioned, but you are correct. Except that I can't do any of that from my iPhone because I don't have one. Could probably do it from my Droid Turbo though....or any smart enabled phone really.
__________________
2015 328d X-Drive Touring Alpine White M-Sport | DHP w/Dinan Shockware | Chipwerke PRO power module
2015 Audi S4 Sepang Blue P+ | DSG | Tech Package | Adaptive Suspension | B&O
2015 Audi S3 Misano Red | 19" Sport pack w/Mag Ride | B&O
1983 Porsche 944 All stock
Appreciate 0
      08-03-2015, 03:05 PM   #12
pz619
Captain
181
Rep
688
Posts

Drives: 2015 M235i
Join Date: Oct 2013
Location: San Diego

iTrader: (0)

Quote:
Originally Posted by PennSt8 View Post
Wait, BMW enabled the remote unlock function in the US?
Not from the app itself, but the functionality still exists. The only difference is that BMW USA sends the command to the car after you go through their vetting process.
Appreciate 0
      08-03-2015, 03:09 PM   #13
otay
Second Lieutenant
United_States
54
Rep
280
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

Quote:
Originally Posted by PennSt8 View Post
Wait, BMW enabled the remote unlock function in the US?
Well, I've not needed to try that. I've locked it remotely a couple times and sent the Aux Fan to turn on just about every work day this summer.

I'll try it later today.

__________________
_______________________________
2014 335i |Sportline|Premium|HK|Driver Assist|8AT|Mineral Grey|Coral Red
Appreciate 0
      08-03-2015, 07:03 PM   #14
otay
Second Lieutenant
United_States
54
Rep
280
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

Quote:
Originally Posted by PennSt8 View Post
Wait, BMW enabled the remote unlock function in the US?
Nope...

__________________
_______________________________
2014 335i |Sportline|Premium|HK|Driver Assist|8AT|Mineral Grey|Coral Red

Last edited by otay; 08-03-2015 at 07:10 PM.
Appreciate 0
      08-03-2015, 07:08 PM   #15
timmahh
ghey
timmahh's Avatar
United_States
58
Rep
1,315
Posts

Drives: Viertürigen Fahrzeugs
Join Date: Oct 2010
Location: Southern California

iTrader: (0)

ConnectedDrive was updated in the last few months, OTA, to resolve a potential security breach. Previously the communication sessions were via http, aka plain old not encrypted sessions. The vulnerability was brought up to BMW and it was patched. No dealership visit required. All remote functionality now takes place via https/ssl encrypted sessions.


More info: http://f30.bimmerpost.com/forums/sho....php?t=1085588
__________________

14/335i xDrive/6MT/Bromo.

Last edited by timmahh; 08-03-2015 at 07:14 PM.
Appreciate 0
      08-03-2015, 07:21 PM   #16
otay
Second Lieutenant
United_States
54
Rep
280
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

Quote:
Originally Posted by timmahh View Post
ConnectedDrive was updated in the last few months, OTA, to resolve a potential security breach. Previously the communication sessions were via http, aka plain old not encrypted sessions. The vulnerability was brought up to BMW and it was patched. No dealership visit required. All remote functionality now takes place via https/ssl encrypted sessions.


More info: http://f30.bimmerpost.com/forums/sho....php?t=1085588
Thanks. Good news in that at least BMW is paying attention...
__________________
_______________________________
2014 335i |Sportline|Premium|HK|Driver Assist|8AT|Mineral Grey|Coral Red
Appreciate 0
      08-13-2015, 06:27 PM   #17
otay
Second Lieutenant
United_States
54
Rep
280
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

Hmmm. Looks like the Remote app needs an update, too...?


http://www.roadandtrack.com/new-cars...o-car-hacking/


The remote app had a problem for me a couple days ago...got stuck with the "sending to car" message, so I uninstalled it from the phone, then was going to re-install to see if it fixed the problem. That time it never did turn on the fan.

Maybe I'll wait a bit before re-installing....
__________________
_______________________________
2014 335i |Sportline|Premium|HK|Driver Assist|8AT|Mineral Grey|Coral Red
Appreciate 0
      08-13-2015, 08:22 PM   #18
claykin
Colonel
United_States
59
Rep
2,077
Posts

Drives: 2016 535i M-Sport
Join Date: Nov 2009
Location: Florida

iTrader: (0)

Quote:
Originally Posted by timmahh View Post
. All remote functionality now takes place via https/ssl encrypted sessions.
Lets hope BMW (or their software subcontractor) truly understands Internet security and that they implemented this new SSL connectivity properly.
__________________
2016 535i MSport AW
Appreciate 0
      08-13-2015, 10:03 PM   #19
F32 N55
Colonel
360
Rep
2,253
Posts

Drives: '15 AW F32 N55 M-Sport
Join Date: May 2014
Location: in my garage.

iTrader: (0)

Quote:
Originally Posted by otay View Post
Hmmm. Looks like the Remote app needs an update, too...?


http://www.roadandtrack.com/new-cars...o-car-hacking/


The remote app had a problem for me a couple days ago...got stuck with the "sending to car" message, so I uninstalled it from the phone, then was going to re-install to see if it fixed the problem. That time it never did turn on the fan.

Maybe I'll wait a bit before re-installing....

Quote:
the exploit involves planting a small, home-built device on the target vehicle.
I'm not gonna worry too much about our 435.
Appreciate 0
      08-14-2015, 07:49 AM   #20
otay
Second Lieutenant
United_States
54
Rep
280
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

Quote:
Originally Posted by F32 N55 View Post
I'm not gonna worry too much about our 435.
True, I'm not worried too much either, but do want to hear how this issue will be addressed before I use the app again.
__________________
_______________________________
2014 335i |Sportline|Premium|HK|Driver Assist|8AT|Mineral Grey|Coral Red
Appreciate 0
      08-14-2015, 08:27 AM   #21
fecurtis
Brigadier General
United_States
1295
Rep
3,800
Posts

Drives: 2014 BMW 335i M-Sport
Join Date: Jan 2014
Location: Arlington, VA

iTrader: (0)

Quote:
Originally Posted by PennSt8 View Post
Wait, BMW enabled the remote unlock function in the US?
Yeah, but the app contacts BMWNA to verify you're the owner before actually unlocking the car.
__________________
2014 BMW 335i M-Sport | Estoril Blue II | 8AT | MPPK | MPE
Appreciate 0
      08-14-2015, 08:38 AM   #22
roundel335
Brigadier General
roundel335's Avatar
United_States
251
Rep
4,702
Posts

Drives: 13 335i Sedan, 16 228i Cabrio
Join Date: Apr 2010
Location: Leland, NC

iTrader: (2)

Garage List
If you don't have the "connected" apps, they aren't going to be able to hack your car. It requires a different "head unit" on the audio system such as the one you get when you order Navigation. The emergency call feature is a satellite-based voice communications setup, but that's pretty much all it is. As far as Bluetooth, all it will do is connect to a phone device. I tried to make it work with my Android tablet and it would not even discover it; not sure even "enhanced Bluetooth" would allow it to pair and output the sound through the audio system.
__________________

2013 F30 335i M-Sport 8AT/MPE/MPPK, 2016 228i M-Sport Cabrio 8AT
Appreciate 0
Post Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 08:16 AM.




f30post
f30post
Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST