The German carmaker BMW has fixed a security flaw that could have allowed hackers to wirelessly open BMW, Mini and Rolls Royce vehicles, a motorist association said on Friday.
The glitch was identified by the German auto club ADAC in the Munich-based carmaker’s digital-service software, BMW officials said.
About 2.2 million cars equipped with BMW AG’s ConnectedDrive using on-board SIM cards were at risk of having their doors unlocked, but the luxury car-maker said it upgraded its system to close the security gap.
“The BMW Group has responded promptly and increased the security,” the company said in a statement.
BMW car-owners can use the software and SIM cards to activate door-locking mechanisms, which in turn also allowed for security vulnerabilities when data was transmitted, BMW said.
ADAC's security researchers were able to simulate the existence of a fake phone network, which BMW cars attempted to access, permitting hackers to manipulate functions activated by a SIM card.
The software upgrade encrypted the communications inside the car using the same HTTPS (Hypertext Transfer Protocol Secure) standard used in Web browsers for secure transactions, eliminating possible breaches.
The software flaw did not obstruct the car’s critical functions of driving, steering or braking and, according to BMW, there were no examples where the data had been used to compromise the security of a vehicle.
"There was no need for vehicles to go to the workshop," the car company added.