You think getting an OTA update for your smartphone to prevent someone from being able to remotely access it is notable? Imagine getting an update for your car to prevent someone from being able to access it! That's what the owners of some BMW vehicles are dealing with, as the Bavarian overlord has just issued updates to over 2.2 million vehicles.
The issue here is related to BMW's ConnectedDrive feature, which allows owners to communicate with their vehicle via their mobile phone. While ConnectedDrive offers some rich functionality, it's the door unlock mechanism that became an issue. BMW says that there's been no reports of the flaw being exploited, which is actually a little surprising.
Affected cars include most of BMW's lineup, the Mini, and also the Rolls-Royce Phantom; those models produced before March 2010 and December 2014 are unaffected.
The fact that this issue exists goes to prove just how little security analysis is conducted on these important features. If someone is able to steal someone else's vehicle simply by breaching wireless security, there's something seriously wrong. And believe it or not, this isn't even the first time that an issue like this has struck BMW.
A little over two-years-ago, the BBC conducted a test in which it purchased a device used to reconfigure the security key in a BMW auto that would ultimately let them gain access to it. Even with no experience, anyone equipped with that machine would have been able to drive off with someone else's car. Amazing, isn't it?
With two severe flaws just a few years apart, hopefully this latest incident will ensure that BMW will begin taking wireless-based security a lot more seriously.