Hackers Could Unlock BMWs Remotely

While a BMW is arguably one of the safest cars you can buy in terms of performance, it's not especially secure when it comes to wireless features. German automotive researchers recently confirmed that malefactors can take advantage of BMW's ConnectedDrive feature to use a smartphone to break into almost any BMW, Mini or Rolls-Royce vehicle that comes equipped with ConnectedDrive.

ADAC, a prominent automobile club in Germany, has just released information about this vulnerability, for which a patch has already been pushed out to vehicles (which have their own cellular connections) and mobile phones. BMW tells ADAC that all affected models should be patched by Jan. 31.

It's not possible using this flaw to unlock a BMW that isn't yours, nor is it possible to start the car, but a savvy thief could combine it with a flaw discovered in 2012 to steal a unpatched vehicle.

MORE: Scariest Security Threats Headed Your Way: Special Report

While ADAC did not detail exactly how this hack works, it involves the ConnectedDrive functionality and apparently little else. BMW makes several smartphone apps, at least one of which, called My BMW Remote in the United States, allows the car owner to lock and unlock the vehicle.

BMW subsidiaries Rolls-Royce and Mini also make use of ConnectedDrive, the affected version of which is available in about 2.2 million cars worldwide. Various apps can control the car's integrated search features, climate control and horn, in addition to its door locks. Affected vehicles include most BMWs manufactured since 2010, as well as three-door and five-door Mini hatchbacks, and Rolls-Royce Ghosts, Wraiths, Phantom Coupes and Drophead Coupes.

In order to safeguard your BMW, Rolls or Mini, all you have to do is update your BMW's internal software and your smartphone app as soon as possible. Both of these should happen automatically via an over-the-air update, unless you've changed the settings at some point, your car has been disconnected from its battery for an extended period or it's been in an underground garage.

Since the app does not control the car's engine, a car thief is unlikely to make off with the vehicle, unless he or she is also an expert at hotwiring. Still, an extremely savvy hacker could theoretically couple the vulnerability with a three-year-old hack to take the vehicle for him or herself. 

In addition to ConnectedDrive, BMW employs a separate system of wireless keyfobs to let drivers start up some models without even putting keys in the ignition. In 2012, a spate of BMW thefts in Europe and Australia led to the discovery that a malefactor, once inside a BMW, could plug a special device into a BMW's onboard diagnostic system to copy a wireless fob's unique codes onto a blank device, then start the car. (North American vehicles were not affected; it's not clear if BMW recalled the affected models to fix the flaw.)

BMW said that the keyfob hack would not affect any car produced after 2011, but because the ConnectedDrive vulnerability began showing up in 2010, this leaves a two-year window that could expose potentially tens of thousands of vehicles worldwide to both the ConnectedDrive and wireless key fob hacks.

The hardest part of the keyfob hack was getting inside the vehicle without setting off the alarm; the ConnectedDrive hack takes care of that problem. But again, as long as you keep your car's firmware up to date, the later vulnerability should disappear within the next day.

If you have anything of value in your BMW, consider removing it, at least for the next few days. Furthermore, if your car is in long-term parking somewhere, consider calling a friend or family member and having them grab the update in the next day or two.

Marshall Honorof is a Staff Writer for Tom's Guide. Contact him at mhonorof@tomsguide.com. Follow him @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.