Εκατομμύρια BMW με το ConnectedDrive πιθανώς να κάνουν χρήση μη κρυπτογραφημένων δεδομένων

Τα αυτοκίνητα της BMW που φορούν το σύστημα ConnectedDrive μπορούν να επικοινωνήσουν ασύρματα με το εργοστάσιο και υπάρχει η δυνατότητα, μέσω μιας εφαρμογής στα smartphone, ο οδηγός να ξεκλειδώσει τις πόρτες, να ενεργοποιήσει την κόρνα κτλ. Η ADAC θέλησε να δει το κατά πόσο είναι εύκολο κάποιος να χακάρει το σύστημα και να δει τι ακριβώς πληροφορίες αποστέλλονται στο Μόναχο, και όπως φάνηκε, το σύστημα ήταν εύκολο να χακαριστεί.

https://www.youtube.com/watch?v=9reFcnm6hVo

Ένα smartphone, γνώσεις και 2 λεπτά υπομονή, και το ConnectedDrive σπάει, μη αφήνοντας μάλιστα κανένα ίχνος πίσω του ο χάκερ. Το πρόβλημα εκτείνεται σε 2,2 εκατ. αυτοκίνητα του BMW Group (BMW, MINI και Rolls-Royce), με την βαυαρική εταιρία να δηλώνει πως έχει κλείσει την τρύπα ασφαλείας κάνοντας χρήση του πρωτοκόλλου HTTPS, που θα φτάσει στα αυτοκίνητα, μέσω ασύρματης ενημέρωσης.

Τα αυτοκίνητα που επηρεάζει το πρόβλημα αυτό είναι όσα έχουν κατασκευαστεί μεταξύ 8 Μαρτίου 2010 και 9η Δεκεμβρίου του 2014. Συγκεκριμένα πρόκειται για τα:

BMW

• 1-series, incl. Cabrio, Coupé and Touring (E81, E82, E87, E88, F20, F21)
• 2-series, incl. Active Tourer, Coupé and Cabrio (F22, F23, F45 )
• 3-series, incl. Cabrio, Coupé, GT, M3 and Touring (E90, E91, E92, E93, F30, F31, F34, F80)
• 4-series Coupé, Cabrio, GranCoupé and M4 (F32, F33, F36, F82, F83)
• 5-series, incl. GT and Touring (E81, E82, F07, F10, F11, F18)
• 6-series, incl. Cabrio and GranCoupé (F06, F12, F13)
• 7-series (F01, F02, F03, F04)
• i3 (I01), I8 (I12)
• X1 (E84), X3 (F25), X4 (F26), X 5 (E70, F15, F85), X6 (E71, E72, F16, F86), Z4 (E89)

Mini

• 3-door and Countryman (F56, F60)

Rolls Royce

• Phantom, incl. Coupé and Drophead Coupé (RR1, RR2, RR3)
• Ghost (RR4)
• Wraith (RR5)

[learn_more caption=”Δελτίο Τύπου”]

BMW Group ConnectedDrive increases data security. Rapid response to reports from the German Automobile As-sociation ADAC.

Munich. As the leading manufacturer in the networking of driver, vehicle and the surrounding environment, the BMW Group is increasing the security of data transmission in its vehicles. This is the company’s response to reports from the German Automobile Association (ADAC). The motorist’s association had identified a potential security gap when data is transmitted. The BMW Group has already closed this gap with a new configuration.

The experts from the ADAC had put the company through a strategic review as market leader in vehicle networking. This check revealed a potential security gap affecting the transmission path via the mobile phone network. BMW Group hardware was not impacted. The online capability of BMW Group ConnectedDrive allowed the gap to be closed quickly and safely in all vehicles. Access to functions relevant to driving was excluded at all times. There was no need for vehicles to go to the workshop.

The update is carried out automatically as soon as the vehicle connects up to the BMW Group server or the driver calls up the service configuration manually. The online services of BMW Group ConnectedDrive communicate with this configuration via the HTTPS protocol (HyperText Transfer Protocol Secure) which had previously been used for the service BMW Internet and other functions. The BMW Group ConnectedDrive packages in the vehicle are thereby using encryption which in most cases is also being used by banks for online banking. On the one hand, data are encrypted with the HTTPS protocol, and on the other hand, the identity of the BMW Group server is checked by the vehicle before data are transmitted over the mobile phone network.

In this way, the BMW Group has responded promptly and increased the security of BMW Group ConnectedDrive, because no cases have come to light yet in which data has been called up actively by unauthorised persons from outside or an attempt of this kind is made in the first place.

[/learn_more]