Tag Archives: BMW

News Bites for Friday May 25, 2018

FCC Investigates Securus

Now that LocationSmart, whose data was used illegally by a sheriff to track other law enforcement officers and which was then hacked, is out of the closet, their somewhat shady but possibly completely legal business practices are no longer in the shadows, and the FCC has begun an investigation. We shall see if the FCC does anything – stay tuned. They say that they are working to verify that their data was always used with people’s consent. If it was, I bet the consent was pretty subtle (Source: Ars Technica).

Comcast/Xfinity Web Site Leaks Customer Info

A bug in Comcast’s Xfinity web site that customers use to set up their Internet connection leaks the customer’s address and WiFi network name and password, which, apparently, Comcast stores unencrypted. All it takes is the account number and the house number of the street address. If the customer is providing his own router, then Comcast does not know that information and would not be able to leak it. The “bug” will return the user’s address and password, among other info, even if the service has previously been activated. Comcast says that there is nothing more important than their customers’ security; they removed the feature from their web site after they were told about it (Source: ZDNet).

Apple Allows Users To See Their Own Data on Eve of GDPR

Two days before the law forced them to, Apple has debuted a new web site called PRIVACY.APPLE.COM. Right now it only works where they have to do it or face a fine of up to $9 billion. That is a pretty good motivator. Apple says it will be available later in other places. Among the data that you will be able to see is:

  • App Store, iTunes Store, iBook Store, and Apple Music activity
  • Apple ID account and device information
  • Apple online store and retail store activity
  • AppleCare support history, repair requests, and more
  • Game Center activity
  • iCloud bookmarks and Reading List
  • iCloud Calendars and Reminders
  • iCloud Contacts
  • iCloud Notes
  • Maps Report an Issue
  • Marketing subscriptions, downloads and other activity
  • Other data

Source: Cult of Mac

Chinese Hackers Find Over a Dozen Bugs in BMW Cars

Chinese security researchers have disclosed 14 vulnerabilities in a host of BMW vehicles including the 3 series, 5 series, 7 series, i series and X series.

4 flaws require physical access; another 4 can be exploited with indirect physical access. Some of them can be exploited remotely via the entertainment system or the telematics system, while others exist in the head unit.

Some of the bugs can be patched “over the air”, but others require the owner to bring the car into the dealer to fix.

One thought. Given these researchers work for the Chinese government, how many vulnerabilities did they find and not tell us about? That is not a far-fetched scenario (Source: The Hacker News).

The Year Of The Car Hack? GM OnStar, VW, Audi and Many Others

GM says that they have fixed the vulnerability that allowed a hacker to take over the GM OnStar RemoteLink software. Once the hacker has taken over the software, she can do anything the owner can do – remote unlock, remote start, etc. The attack worked because GM was not validating the SSL certificates used by the app. The researcher says not only does it still work, but he has extended the attack to work on BMW Remote, Mercedes-Benz mbrace, Chrysler’s Uconnect and Viper SmartStart.

The researcher only tested his attack on iPhones, but I suspect the same technique will work on Android phones too.

The challenge here, of course, is designing mobile software securely. While you may not like it if your mobile game leaks your name or age, you really won’t like it if your mobile app gets your car stolen. Banking apps figured this out a long time ago. I guess automakers have to learn it all over again.

Now, on to VW.

Bloomberg is reporting that VW has been fighting security researchers for two years because the researchers want to release a paper on a security vulnerability that they found in the remote keyless entry system. The vulnerability affects not only VW, but also Fiat, Audi, Ferrari, Porsche and Maserati. VW has finally given in and the paper will be published with very minor redactions.

The rub is that the only fix is to replace both the keys and the controller inside the car.  Given that this likely affects millions of cars and VW would have to pay for all of these car manufacturers to recall these cars, VW would like this to go away.

Pretending security flaws don’t exist is kind of common and unless security researchers are allowed to continue exposing them, the only people who will know about the flaws are the bad guys.  There are some proposed U.S. laws that would make this research illegal.  Those in the know have been fighting against this, but it is a continuing battle.

Would you prefer that security researchers operate in public, tell companies and product owners that they are vulnerable and allow the vulnerabilities to get fixed? Or would you prefer they operate in the shadows and sell their exploits to organized crime? How much do you think a car theft ring would pay for an exploit that allows them to own a high-end Audi or BMW in less than 60 seconds? I assume that would be worth tens of millions.

The London police say that 42% of vehicle thefts are done via hacking the keyless entry systems. That’s pretty amazing.

As I keep saying – convenience or security, pick one.

On the other hand, it doesn’t mean that you cannot make technology bullet resistant (notice I didn’t say bullet proof), but it takes some work.

I am not sure why, but this year seems to be the year of the car hack. The year is not over yet, so stay tuned.

Information for this post came from SCMagazine and Bloomberg.

Do you keep your car keys in the freezer? Maybe you should!

A recent Network World article talks about the world of high tech auto theft.

Using a $17 amplifier, thieves were able to boost the signal between your car and your key fob sitting on the kitchen table and convince your car to open up.

The article has links to several other articles, including one that talks about cloning a high-end BMW with a blank key in less than 3 minutes. Break a window (and block the alarm going off too), plug something into the diagnostic port near the steering wheel and clone the key. Then just plug it in and drive off. Apparently hundreds of BMWs have been stolen this way in Europe.

And the freezer?  Apparently the freezer acts as a shield for the radio waves and the amplifiers don’t work.

I suspect this is more difficult than it seems and requires a degree of skill, but given the payoff for stealing the car – the crooks are working on it. And the cops don’t seem to have a handle on it – sometimes blaming the car owner for leaving the car unlocked.

In one video, the crook opened the car, stole a laptop out of the back seat and a $15,000 custom bicycle out of the hatch. This problem is easy to solve – don’t leave valuables in your car. Oh, and the considerate crook even locked the car again when he left. All caught on video.

BMW Fixes Bug That Would Allow Hackers To Unlock Your Car

BMW announced that it had fixed a bug that would have allowed hackers to compromise its ConnectedDrive car automation system. The bug affected over two million BMWs, Minis and Rolls Royces, according to Mashable.

Apparently, the communications between BMW’s servers and your car were not even encrypted, so the solution was to use HTTPS to encrypt the traffic.

BMW claimed that the bug did not affect the driving, steering or braking functions of the car.  That’s great, but I am not sure that this is the bar that we should measure their security by.

ADAC, a German automotive group, discovered the bug in the middle of last year and decided not to announce the bug until BMW came up with a solution.

BMW, the article says, patted itself on the back for coming up with a fix so quickly.  Others said that HTTPS should have been there in the first place.

The good news is that BMW owners do not need to take the car into the dealer to fix the problem;  the fix will be downloaded the next time the car connects to BMW’s servers.

Given how poor BMW’s security was around the car automation function, I am not sure that BMW’s being able to load new firmware into the car over the air is a good thing.  They may want to review the security of that process as well.  I can just see a hacker downloading new firmware into my car causing the car to do who knows what.

Unfortunately, I suspect that this problem will only get worse for a long time before it gets better.

Mitch