F30POST
F30POST
2012-2015 BMW 3-Series and 4-Series Forum
BMW Garage BMW Meets Register Search Today's Posts Mark Forums Read
BMW 3-Series and 4-Series Forum (F30 / F32) | F30POST > 2012-2019 BMW 3 and 4-Series Forums > General F30 Sedan / F32 Coupe / F36 Gran Coupe Forum > Recall for hackable radio!?
Extreme Power House
Post Reply
 
Thread Tools Search this Thread
      08-02-2015, 10:09 AM   #1
BXL4
Second Lieutenant
United_States
13
Rep
222
Posts

Drives: 2015 328i Alpine White
Join Date: Jan 2012
Location: Bainbridge Island WA

iTrader: (0)

Recall for hackable radio!?

BIMMERPOST
     Featured on BIMMERPOST.com
I have a H/K radio in my 328i so this caught my eye. Anyone know more about possible implications for BMWs?

http://www.bloomberg.com/news/articl...rable-to-hacks
Appreciate 0
      08-02-2015, 01:16 PM   #2
Golden Arrow
Lieutenant
Golden Arrow's Avatar
United_States
84
Rep
497
Posts

Drives: F30 335i
Join Date: May 2014
Location: USA

iTrader: (0)

I think HK provides the speakers for BMW, but not any software for iDrive.
__________________
2013 335i
2004 330ci
2003 330xi (Forever in my heart )
Appreciate 0
      08-02-2015, 03:06 PM   #3
LimpmodeEnthusiast
First Lieutenant
LimpmodeEnthusiast's Avatar
Canada
34
Rep
303
Posts

Drives: One car with good steering ;)
Join Date: Nov 2013
Location: Ontario, Canada

iTrader: (0)

Garage List
Quote:
Harman Kardon’s website shows it provides sound systems for automobiles including BMW, Subaru, and Mercedes-Benz, as well to Fiat Chrysler.
^Bloomberg said that they make sound systems for other cars but afaik, just like Golden Arrow said, BMW makes their own iDrive system using components from Bosch I believe.
__________________
2013 535i XDrive M-Sport|Dark Graphite Metallic|Black Dakota|Executive|Premium|BMW Apps|
2001 E46 330i Sedan|Premium Package|Sports Package|Cold Weather Package|ZF 5AT|Titanium Silver|Black Leather|
2014 435i XDrive|Premium|Executive|MP 1 &2|AW on BD|DHP|Connected Drive|Adaptive LED|Gloss Black Grilles|
Appreciate 0
      08-02-2015, 05:22 PM   #4
Timbits93
First Lieutenant
Canada
27
Rep
347
Posts

Drives: 2013 BMW 328i xDrive Sportline
Join Date: Sep 2013
Location: Vancouver, BC

iTrader: (0)

The head units (CIC/NBT) are manufactured by Harman/Becker which is also under Harman International. Not that it means it's related in any way to the Fiat/Chrysler recall - completely different hardware and software involved.
__________________
Present: 2013 BMW 328i xDrive Sport Line in Havanna Metallic/Black Dakota w/ Fineline Anthracite - Premium/Executive/BMW Apps/BMW Assist with Ext BT
Mods - F20 M-Sport Wheel with Paddles + 2TB/Lip Spoiler/F32 HVAC/SS Pedals/MPE

Past: 2007 Infiniti G35S in Black Obsidian - 105,250km
Appreciate 0
      08-03-2015, 08:39 AM   #5
roundel335
Brigadier General
roundel335's Avatar
United_States
93
Rep
3,997
Posts

Drives: 13 335i Sedan, 11 128i Cabrio
Join Date: Apr 2010
Location: Leland, NC

iTrader: (2)

Garage List
I'd wager that if your car doesn't have any internet connectivity, you're likely not affected. The bluetooth connectivity has no connection into other modules that could affect your instrumentation or other systems. I've read other articles about the Fiat/Chrysler problem, and it's apparent that their system is not very secure.
__________________

2013 F30 335i M-Sport 8AT/MPE/MPPK, 2011 128i M-sport Cabrio 6MT/PE
Appreciate 0
      08-03-2015, 11:11 AM   #6
BXL4
Second Lieutenant
United_States
13
Rep
222
Posts

Drives: 2015 328i Alpine White
Join Date: Jan 2012
Location: Bainbridge Island WA

iTrader: (0)

With the emergency call button, every BMW has internet connectivity, at least technically. I don't think it is a problem either but hackers can be crazy clever so I thought I'd start this thread to get the pooled wisdom.
Appreciate 0
      08-03-2015, 12:11 PM   #7
otay
Private
United_States
12
Rep
89
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

I thought of iDrive when I saw the Fiat/Chrysler Uconnect hacking news. I'm assuming internet connectivity is always on because you can do things like turn on the Auxiliary Ventilation remotely.
__________________
_______________________________
2014 335i | Sportline | Premium | RWD | HK | Driver Assist | 8AT
Mineral Grey Metallic | Coral Red Leather
Appreciate 0
      08-03-2015, 12:17 PM   #8
Thumper333
Captain
Thumper333's Avatar
157
Rep
630
Posts

Drives: 2015 328dX M-Sport
Join Date: Jan 2015
Location: Colorado

iTrader: (0)

Another reason to pump the breaks on automated cars (in addition to many others). Forget changing your radio stations, wait until hackers are able to steer you off a bridge.

Quote:
Originally Posted by BXL4 View Post
With the emergency call button, every BMW has internet connectivity, at least technically. I don't think it is a problem either but hackers can be crazy clever so I thought I'd start this thread to get the pooled wisdom.
Pretty sure that is a cell/GPS signal, not "internet". And doubtful there's enough inter-connectivity to allow a hacker access to any system and make changes. Those programs to send data to BMW on the car status are read-only.

As to Bluetooth, I would be cautious, if the car is in "discovery" mode there have been hackers known to access cellphones in that state.
__________________
2015 328d X-Drive Touring Alpine White M-Sport | DHP w/Dinan Shockware | Chipwerke PRO power module
2015 Audi S4 Sepang Blue P+ | DSG | Tech Package | Adaptive Suspension | B&O
2015 Audi S3 Misano Red | 19" Sport pack w/Mag Ride | B&O
1983 Porsche 944 All stock
Appreciate 0
      08-03-2015, 12:23 PM   #9
otay
Private
United_States
12
Rep
89
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

Quote:
Originally Posted by Thumper333 View Post
Another reason to pump the breaks on automated cars (in addition to many others). Forget changing your radio stations, wait until hackers are able to steer you off a bridge.



Pretty sure that is a cell/GPS signal, not "internet". And doubtful there's enough inter-connectivity to allow a hacker access to any system and make changes. Those programs to send data to BMW on the car status are read-only.

As to Bluetooth, I would be cautious, if the car is in "discovery" mode there have been hackers known to access cellphones in that state.
It's definitely more than read-only. You can lock/unlock, turn on fan, sound horn, etc...right from your iPhone. Let's hope it's more secure than Uconnect.
__________________
_______________________________
2014 335i | Sportline | Premium | RWD | HK | Driver Assist | 8AT
Mineral Grey Metallic | Coral Red Leather
Appreciate 0
      08-03-2015, 02:26 PM   #10
PennSt8
Private
United_States
8
Rep
77
Posts

Drives: 2015 428i Gran Coupe / 2014 X5
Join Date: Jan 2015
Location: West Hollywood, CA

iTrader: (0)

Garage List
Quote:
Originally Posted by otay View Post
It's definitely more than read-only. You can lock/unlock, turn on fan, sound horn, etc...right from your iPhone. Let's hope it's more secure than Uconnect.
Wait, BMW enabled the remote unlock function in the US?
__________________


2015 428i Gran Coupe M-Sport
2014 X5 sDrive M-Sport
Appreciate 0
      08-03-2015, 02:50 PM   #11
Thumper333
Captain
Thumper333's Avatar
157
Rep
630
Posts

Drives: 2015 328dX M-Sport
Join Date: Jan 2015
Location: Colorado

iTrader: (0)

Quote:
Originally Posted by otay View Post
It's definitely more than read-only. You can lock/unlock, turn on fan, sound horn, etc...right from your iPhone. Let's hope it's more secure than Uconnect.
True, I was limiting my thinking to the SOS feature mentioned, but you are correct. Except that I can't do any of that from my iPhone because I don't have one. Could probably do it from my Droid Turbo though....or any smart enabled phone really.
__________________
2015 328d X-Drive Touring Alpine White M-Sport | DHP w/Dinan Shockware | Chipwerke PRO power module
2015 Audi S4 Sepang Blue P+ | DSG | Tech Package | Adaptive Suspension | B&O
2015 Audi S3 Misano Red | 19" Sport pack w/Mag Ride | B&O
1983 Porsche 944 All stock
Appreciate 0
      08-03-2015, 03:05 PM   #12
pz619
Private First Class
8
Rep
182
Posts

Drives: 2013 328i Sportline
Join Date: Oct 2013
Location: San Diego

iTrader: (0)

Quote:
Originally Posted by PennSt8 View Post
Wait, BMW enabled the remote unlock function in the US?
Not from the app itself, but the functionality still exists. The only difference is that BMW USA sends the command to the car after you go through their vetting process.
Appreciate 0
      08-03-2015, 03:09 PM   #13
otay
Private
United_States
12
Rep
89
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

Quote:
Originally Posted by PennSt8 View Post
Wait, BMW enabled the remote unlock function in the US?
Well, I've not needed to try that. I've locked it remotely a couple times and sent the Aux Fan to turn on just about every work day this summer.

I'll try it later today.

__________________
_______________________________
2014 335i | Sportline | Premium | RWD | HK | Driver Assist | 8AT
Mineral Grey Metallic | Coral Red Leather
Appreciate 0
      08-03-2015, 07:03 PM   #14
otay
Private
United_States
12
Rep
89
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

Quote:
Originally Posted by PennSt8 View Post
Wait, BMW enabled the remote unlock function in the US?
Nope...

__________________
_______________________________
2014 335i | Sportline | Premium | RWD | HK | Driver Assist | 8AT
Mineral Grey Metallic | Coral Red Leather

Last edited by otay; 08-03-2015 at 07:10 PM.
Appreciate 0
      08-03-2015, 07:08 PM   #15
timmahh
ghey
timmahh's Avatar
United_States
37
Rep
1,274
Posts

Drives: Viertürigen Fahrzeugs
Join Date: Oct 2010
Location: Southern California

iTrader: (0)

ConnectedDrive was updated in the last few months, OTA, to resolve a potential security breach. Previously the communication sessions were via http, aka plain old not encrypted sessions. The vulnerability was brought up to BMW and it was patched. No dealership visit required. All remote functionality now takes place via https/ssl encrypted sessions.


More info: http://f30.bimmerpost.com/forums/sho....php?t=1085588
__________________

14/335i xDrive/6MT/Bromo.

Last edited by timmahh; 08-03-2015 at 07:14 PM.
Appreciate 0
      08-03-2015, 07:21 PM   #16
otay
Private
United_States
12
Rep
89
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

Quote:
Originally Posted by timmahh View Post
ConnectedDrive was updated in the last few months, OTA, to resolve a potential security breach. Previously the communication sessions were via http, aka plain old not encrypted sessions. The vulnerability was brought up to BMW and it was patched. No dealership visit required. All remote functionality now takes place via https/ssl encrypted sessions.


More info: http://f30.bimmerpost.com/forums/sho....php?t=1085588
Thanks. Good news in that at least BMW is paying attention...
__________________
_______________________________
2014 335i | Sportline | Premium | RWD | HK | Driver Assist | 8AT
Mineral Grey Metallic | Coral Red Leather
Appreciate 0
      08-13-2015, 06:27 PM   #17
otay
Private
United_States
12
Rep
89
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

Hmmm. Looks like the Remote app needs an update, too...?


http://www.roadandtrack.com/new-cars...o-car-hacking/


The remote app had a problem for me a couple days ago...got stuck with the "sending to car" message, so I uninstalled it from the phone, then was going to re-install to see if it fixed the problem. That time it never did turn on the fan.

Maybe I'll wait a bit before re-installing....
__________________
_______________________________
2014 335i | Sportline | Premium | RWD | HK | Driver Assist | 8AT
Mineral Grey Metallic | Coral Red Leather
Appreciate 0
      08-13-2015, 08:22 PM   #18
claykin
Lieutenant Colonel
United_States
29
Rep
1,991
Posts

Drives: 2014 335i M-Sport
Join Date: Nov 2009
Location: Florida

iTrader: (0)

Quote:
Originally Posted by timmahh View Post
. All remote functionality now takes place via https/ssl encrypted sessions.
Lets hope BMW (or their software subcontractor) truly understands Internet security and that they implemented this new SSL connectivity properly.
__________________
2014 335i MSport AW
Appreciate 0
      08-13-2015, 10:03 PM   #19
F32 N55
Major
166
Rep
1,499
Posts

Drives: '15 AW F32 N55 M-Sport
Join Date: May 2014
Location: in my garage.

iTrader: (0)

Quote:
Originally Posted by otay View Post
Hmmm. Looks like the Remote app needs an update, too...?


http://www.roadandtrack.com/new-cars...o-car-hacking/


The remote app had a problem for me a couple days ago...got stuck with the "sending to car" message, so I uninstalled it from the phone, then was going to re-install to see if it fixed the problem. That time it never did turn on the fan.

Maybe I'll wait a bit before re-installing....

Quote:
the exploit involves planting a small, home-built device on the target vehicle.
I'm not gonna worry too much about our 435.
Appreciate 0
      08-14-2015, 07:49 AM   #20
otay
Private
United_States
12
Rep
89
Posts

Drives: 2014 335i Sport Line
Join Date: Aug 2014
Location: Raleigh, NC

iTrader: (0)

Quote:
Originally Posted by F32 N55 View Post
I'm not gonna worry too much about our 435.
True, I'm not worried too much either, but do want to hear how this issue will be addressed before I use the app again.
__________________
_______________________________
2014 335i | Sportline | Premium | RWD | HK | Driver Assist | 8AT
Mineral Grey Metallic | Coral Red Leather
Appreciate 0
      08-14-2015, 08:27 AM   #21
fecurtis
Lieutenant Colonel
United_States
318
Rep
1,976
Posts

Drives: 2014 BMW 335i M-Sport
Join Date: Jan 2014
Location: Arlington, VA

iTrader: (0)

Quote:
Originally Posted by PennSt8 View Post
Wait, BMW enabled the remote unlock function in the US?
Yeah, but the app contacts BMWNA to verify you're the owner before actually unlocking the car.
__________________
2014 BMW 335i M-Sport | Estoril Blue II | 8AT | MPPK | MPE
Appreciate 0
      08-14-2015, 08:38 AM   #22
roundel335
Brigadier General
roundel335's Avatar
United_States
93
Rep
3,997
Posts

Drives: 13 335i Sedan, 11 128i Cabrio
Join Date: Apr 2010
Location: Leland, NC

iTrader: (2)

Garage List
If you don't have the "connected" apps, they aren't going to be able to hack your car. It requires a different "head unit" on the audio system such as the one you get when you order Navigation. The emergency call feature is a satellite-based voice communications setup, but that's pretty much all it is. As far as Bluetooth, all it will do is connect to a phone device. I tried to make it work with my Android tablet and it would not even discover it; not sure even "enhanced Bluetooth" would allow it to pair and output the sound through the audio system.
__________________

2013 F30 335i M-Sport 8AT/MPE/MPPK, 2011 128i M-sport Cabrio 6MT/PE
Appreciate 0
Post Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 07:10 PM.




f30post
f30post
Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST