German carmaker BMW has fixed a security flaw that seemingly allowed hackers to unlock the doors of over 2 million Rolls-Royce, Mini and BMW vehicles. Officials at the luxury manufacturer said the flaw affected cars equipped with the company’s Connected Drive software using on-board SIM cards.
BMW drivers can use the software and SIMs to activate door locking mechanisms as well as a range of other services include real-time traffic information and air conditioning. The security risk occurred when the data was transmitted.
The ADAC, Germany’s largest automobile club, had discovered the security gap which essentially left cars vulnerable to being opened from the outside with the help of a cell-phone. The club had run several tests on numerous cars and confirmed the findings. Though hackers were able to unlock the doors, it did not allow them to drive away the vehicle.
Cars that appeared to be vulnerable to the flaw included the Rolls-Royce Phantom, Mini hatchback and most BMW models including the i3 electric car. All the vehicles were produced between March 2010 and December 2014, ADAC said.
Still, the Munich-based BMW has been impressively quick-off-the-mark and assured drivers that the issue had now been fixed. The company said it had upgraded the system to close the security gap and that vehicles would be updated the next time they connected to BMW’s server.
“The BMW group has responded promptly and increased the security,”
“The online capability of BMW Group ConnectedDrive allowed the gap to be closed quickly and safely in all vehicles,” BMW said. “There was no need for vehicles to go to the workshop.”
The company said it was not aware of any case in which hackers had successfully exploited the security flaw.