Slashdot Mirror
BMW Patches Security Flaw Affecting Over 2 Million Vehicles
An anonymous reader writes BMW has fixed a security bug which left 2.2 million cars, including models from Rolls Royce and Mini, exposed to hackers. The flaw was discovered in vehicles using BMW's ConnectedDrive software, which runs from an installed on-board Sim card. Via the smartphone app, owners can remotely control a number of functions including door locks, air conditioning and sounding the horn. Researchers from the German motorist association ADAC identified the flaw which allowed the system to connect to fake mobile phone networks, enabling hackers to remotely control the Sim card.
Seriously, car systems should have, at most, a dumb screen that I can extend with whatever computer hardware I choose to add, if any. I cannot comprehend why anyone would want a built-in navigation system, for example, when my phone already does it, and does it better. Just write an app that lets me broadcast my screen through my USB port while I charge.
Trusting networks is a bad idea. Trusting the wrong network is only slightly worse.
In other news, accessing your banking information using Starbucks wifi isn't as safe as you'd like.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Seriously, car systems should have, at most, a dumb screen that I can extend with whatever computer hardware I choose to add, if any. I cannot comprehend why anyone would want a built-in navigation system, for example, when my phone already does it, and does it better. Just write an app that lets me broadcast my screen through my USB port while I charge.
The user interface on phones suck. It is difficult and dangerous to enter a destination, and it requires you to hold your phone or buy or manufacture something to hold the phone up in your line of sight so you don't have to keep glancing down at it. Then what happens if you get a phone call? You have to pick it up (unless the car has bluetooth, which I would imagine if you don't like integrated GPS, you probably don't like integrated bluetooth either.)
Phones are capable of doing a lot of things that they are not very good at and purpose built devices are orders of magnitudes better than phones at just about everything except making phone calls. In fact, the phonebook on my car's bluetooth connection to the phone is better than the interface on my phone.
My built-in GPS shows road construction and accidents, something my phone doesn't do, and it shows it on a 8.8 inch screen, something my phone doesn't do.
If you are not allowed to question your government then the government has answered your question.
From TFA:
BMW has now applied a patch employing HTTPS protocol (HyperText Transfer Protocol Secure) to encrypt the data from the cars.
"On the one hand, data are encrypted with the HTTPS protocol, and on the other hand, the identity of the BMW Group server is checked by the vehicle before data are transmitted over the mobile phone network," BMW released in a statement.
How could professional system designers have made the decision to not implement HTTPS in the first place?
Cars really don't need cell phones.
So, what's the fix? Before, everybody could remotely open your car, now only BMW can do it? They call that a "fix"?
If by solution you mean major hacker targets.
Actual solution: stop making the car OS connected to the Net, and keep those systems totally separate.
-- Tigger warning: This post may contain tiggers! --
I started out admiring disruptive tech. As the years rolled on, I noted that computation and networking were no longer under our control; we've no choice in how we are connected, nor to which computers we use, for instance in cases such as these. The motivation for change is to make more money, first, and next to improve surveillance and control. Convenience is just a by-broduct.
I see no reason to not-use a key to open my door. At least the thief has to be physically present to break into a mechanical locked door. Networked computers will never be secure, not when backdoors are mandated by manufacturers and cops of all sorts. And those backdoors will be in the hands of crooks in months if not hours. Hell, the crooks are finding the backdoors the cops-of-all-sorts then use themselves.
Waiting on my Elio. eliomotors.com Back to the future. K.I.S.S.
And hey, it's possible to build a mechanically locked door no AAA locksmith can open. It's just that we WANT to be able to break into our own cars, if necessary. The key words being "we" and "our own".
OP here.
Your phone doesn't do those things, but there's no reason it *can't*.
Phones have high-speed data/charging ports, yet they go unused. And I have no problem with bluetooth as an option. Hell, I've added bluetooth to my car.
Using my phone via bluetooth has been great. I have a holder for my phone to display GPS info, google maps ABSOLUTELY DOES show traffic delays (I don't care if it's construction, accidents, or whatever, I only care that it impedes my travel), and most importantly, my car isn't communicating with a WAN outside of my control. And since it's my phone, it still has my "home" address saved (along with any other address I choose to save) the moment I set it up... and if someone else were to steal my car, they won't suddenly also know where I live, work, and anywhere else I visit.
Hell, just give me a 10" screen with HDMI, I'll get a chromecast for my car.
They've known about this for at least 7 years, they're just now getting around to this? This was disclosed to car manufacturers years ago and demonstrated at a blackhat conference as recently as 3 years ago...why are they just getting around to this now? Hell last year the news was buzzing with stories of people doing this very thing caught on surveillance cameras...
I have a navigation system in my car - got it built in. That's aside from my phone navigation. My phone navigation tends to be more approximate than my car's. It keeps sampling frequently enough to know that I've not taken an exit, or that I'm under a bridge, and so on. Also, it's a lot more convenient to follow, than a phone, which I'd have to attach on the console and turn my head to see it. As opposed to just turning my eyes on the radio to see where I am
A 1974 1/2 MGB-GT.
Seriously, car systems should have, at most, a dumb screen that I can extend with whatever computer hardware I choose to add, if any. I cannot comprehend why anyone would want a built-in navigation system, for example, when my phone already does it, and does it better. Just write an app that lets me broadcast my screen through my USB port while I charge.
I'm not sure I understand your question - how will manufacturers sell you a $2000 entertainment and navigation system if you use your phone for that? And even if they wanted to do this, how could so many different manufacturers cooperate to come up with a single standard for a smart phone interface, surely every manufacturer would have to implement things slightly differently, like they do with bluetooth support where some features work in some cars, but not others.
Seriously, car systems should have, at most, a dumb screen that I can extend with whatever computer hardware I choose to add, if any.
Which is exactly what TFS specified.
I cannot comprehend why anyone would want a built-in navigation system, for example, when my phone already does it, and does it better.
Does your phone's GPS still work without a signal? The one in my car does.
Just write an app that lets me broadcast my screen through my USB port while I charge.
Not a bad idea on the face of it, but any car maker with a half-conscious legal department is going to make it turn off whenever the car is moving. No-one wants to get sued by the first person to crash and burn because they were watching a movie.
In addition to what I write below, my car navigation system has a bluetooth connection to my phones, and in that mode, it turns off the radio/music and goes into the phone mode if someone calls. The controls are all on my steering wheel, and can be adjusted by my thumb w/o taking my hands or eyes off the wheel. Talking about using Google Maps or Apple Maps, problem is that I'd have to enable the cellular data connection on my phone, and for what? When I get a navigation on my car that doesn't involve blowing up my monthly cellular/internet bills. Yeah, I got the navigation system w/ my car b'cos I specifically asked for it - wanted both a GPS as well as Sirius, so went for that option.
I have a navigation system in my car - got it built in. That's aside from my phone navigation. My phone navigation tends to be more approximate than my car's. It keeps sampling frequently enough to know that I've not taken an exit, or that I'm under a bridge, and so on. Also, it's a lot more convenient to follow, than a phone, which I'd have to attach on the console and turn my head to see it. As opposed to just turning my eyes on the radio to see where I am
I just prop my phone up against the instrument panel (on a sticky rubber pad to keep it in place), I can see even easier than if I had a center mounted GPS since it just takes a quick glance downwards,I can't really use the phone touch screen easily while driving, which is probably a good thing. The only only blocks the tachometer (pretty useless with an automatic transmission) and most of the fuel gauge, so it's actually a pretty reasonable place to put it).
For actual navigation, the phone GPS works as well as any built-in GPS I've used.
I wish I could tell the phone to reverse the display, at night if I put it on the dashboard face up, it reflects back nicely as a HUD.
open network better then ATT only with very high roaming fees. Fees so high that 50MB is about $1000 so 1-2 GB can cost you as much as a NEW CAR.
in car systems are massively overpriced, but I would never choose to use my phone over my incar navigation. Phones are awkward, unwieldy with smaller screens and no integration.
Cars are just teh beginning... wait till they connect your shirt, pants and pocket pens to the insecured internet.
The user interface on phones suck. It is difficult and dangerous to enter a destination,
Mine works just fine. Only a fool would enter a destination into anything regardless of form factor while driving.
and it requires you to hold your phone or buy or manufacture something to hold the phone up in your line of sight so you don't have to keep glancing down at it.
Readily available equipment in a number of styles and mounting options.
Then what happens if you get a phone call?
You press the answer button on your Bluetooth deck. No bloody touch screen and no bloody need to at anything to answer the call.
You have to pick it up (unless the car has bluetooth, which I would imagine if you don't like integrated GPS, you probably don't like integrated bluetooth either.)
There are a number of problems with integrated systems. When they break your screwed, when they get old and nobody wants to support it your screwed. If they make you pay a subscription fee or fees to update maps your screwed. If integrated with Cell modems and vendors and or criminals are spying on you your screwed.
Phones are capable of doing a lot of things that they are not very good at and purpose built devices are orders of magnitudes better than phones at just about everything except making phone calls.
Putting a phone in its little holder when you get into the car works for me. The few times I run mapping applications google TTS stack provides clear directions without even having to look at the map. When I do it is quite clear and big enough. This is all offline application with no access to the Internet or cellular network and I don't have to worry about dealing with subscriptions or unnecessary hoops to update maps or software.
My built-in GPS shows road construction and accidents, something my phone doesn't do, and it shows it on a 8.8 inch screen, something my phone doesn't do.
Mine does if you want it to. Never used it.
The user interface on phones suck.
LOL Not nearly as bad as the user interface on my BMW. Ever tried typing an address with a scroll wheel? And the voice recognition is no better.
It is illegal to use a handheld device in our cars around here, so I either use the much more distracting iDrive or risk the fine with the much easier to use phone. Does not make anyone safer, though.
The old VW bug in Sleeper is more realistic than I ever thought. Anything with a chip in it may be useless in the future as databases of hacks and back-doors build up over time.
Table-ized A.I.
BMW patches the flaw that prevents drivers from using their frickin' turn signals.
If you have Google Maps or Apple Maps, you need your data connection. There are other options available. I use Sygic and others are available. All offline. Some free, some you pay for.
If you add a (bluetooth) OBDII dongle, you can get the car data from the engine as well.
Many people have added their tablet (Apple and Android) as their primary interface for media. There is specific software available to do all this. Nothing stops you doing the same with your phone.
At this moment about 95% of the time all my radio does is transfer the sound of my phone to my boxes. I have not configured a radio station yet in the 5 years I have it. On big road trips, I prefer the Garmin, because it is easier to add a route like this into a route on the Garmin using Tyre and the Garmin software.
Added advantages for using my phone and not an internal system? When I want to do changes to it, I can do it at my desk. I can get a new device and upgrade or downgrade it as I please. If I drive with somebody, I can listen to their music. If they steal my car-radio, I buy a new one for 50-100EUR.
Don't fight for your country, if your country does not fight for you.
your phone is reliant on having a cell tower or wireless signal, hell that isn't even reliable in many cities let alone on highways and outback places where it becomes critical. In Australia we have had people almost die because they relied on their cell phone as a means for navigation.
You can have most androids, and I believe apple phones too, "Auto Rotate" their screen. Flip it in your hands it so the screen is correctly oriented for your HUD reflection when subsequently laid flat, then carefully place it in the panel so it reflects as desired. When laid flat,the phone will wait for a threshold (more than 10 degrees in my experience) of further rotation before changing the screen again - giving you the result you wanted!
I've done it with my Xperia Z Ultra and my Ford Transit EF-LWB - it works!
This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
While it's not ONE standard, there is Android Auto and Apple CarPlay. And it's already being implemented by auto manufactures (2015 Hyundai's, for example). And even though there are two competing standards, multiple manufactures have stated that their cars will support both.
I don't know about that. I much prefer to use my garmin than the gps in my phone.
The best option is MirrorLink, which basically displays your phone's screen on the car's navigation screen and passes through touch input and audio. You can then use your preferred navigation app and phone's data connection, but on a nice big screen that is fixed solidly to the dashboard.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
The last time I remember Triple-A making news was when they came out in favor of the 55 MPH speed limit. That makes them an organization for motorists in the same sense that the unions in Communist countries were organizations for workers.
In the US we had people die because the relied on their rental car navi. The asked for a route and it gave it them the shortest one. Down 4x4 roads through death valley.
They found the bodies a few weeks later.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Alternatively, turn auto-rotate off, then manually and physically rotate the phone into the desired HUD orientation.
You're welcome. No more unwanted rotations on bumps or steep inclines.