BMW patches security flaw that could have allowed hackers to unlock car doors

[InfoSec News <alerts () infosecnews org>]

http://mashable.com/2015/02/03/bmw-connecteddrive-locks/

By Rex Santus
Mashable.com
2/3/2015

BMW has mended a security flaw in its ConnectedDrive car connectivity 
system that affected 2.2 million cars, including Rolls-Royce and Mini 
cars, the company announced on Friday.

It concerned software in the car that would have allowed hackers to open 
car doors. It highlights a oft-voiced concern around connected home 
products — sometimes called the Internet of Things — that household items 
would become vulnerable to malware or hacking.

The update happens automatically, as soon as the vehicle connects to BMW's 
servers, and includes the addition of HTTPS — the secure version of 
hypertext transfer protocol — to data transmissions via the ConnectedDrive 
system.

A German automobile group called ADAC discovered the security flaw last 
year, opting to wait to disclose the discovery until BMW worked out a fix. 
The flaw has not been used in any attempted cyberattacks, according to 
both ADAC and BMW.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/