What’s the news?
Researchers working for the German Automotive Association (ADAC) found these vulnerabilities and were able to remotely attack BMW cars. The findings were reported to BMW through responsible disclosure, and the company announced that it had fixed the problem and upgraded its software remotely over the air.
What does it mean?
In this case no passengers were harmed and a massive cyber recall was luckily prevented. The affected services and the associated impact included the following:
- Remote Services: Unauthorized execution of remote functions such as unlocking the car doors.
- Real Time Traffic Information (RTTI): Eavesdropping on current vehicle locations and driving speeds.
- BMW Online: Remote monitoring of e-mail correspondence.
- Intelligent Emergency Call: Emergency call numbers could be changed.
Argus IPS – Prevention is better than cure
Had the Argus Intrusion Prevention System (IPS) been installed in these vehicles, this unfortunate event would have been averted in the first place. The IPS would have detected and blocked this kind of attack, and it would have notified the car manufacturer in real time that the attempts were carried out.
For example, the Argus Secure Remote Access feature, based on our proprietary digital signature mechanism, would have prevented an attacker from unlocking the car doors. Furthermore, Argus’ Cyber Security Vulnerability Assessment Services, which include Red Team penetration testing, architecture design review and code review, would have pointed out these vulnerabilities at their inception.