Slashdot Mirror


How To Hack a BMW: Details On the Security Flaw That Affected 2.2 Million Cars

0x2A (548071) writes: BMW recently fixed a security hole in their ConnectedDrive software, which left 2.2 million cars open to remote attacks. Security expert Dieter Spaar reverse engineered the system and found some serious flaws [note: if you'd prefer English to German, try this translation], including using the same symmetric keys in all vehicles, not encrypting messages between the car and the BMW backend or using the outdated DES.

1 of 83 comments

  1. Definition of "Remote Attack" by Anonymous Coward · Score: 5, Insightful

    Somehow I don't think the definition of "remote attack" is "disassemble the computer, attach all kinds of expensive hardware to analyze communications and firmware, hack into the firmware to retrieve the encryption keys, so only then you can use a base station emulator to trick the car into thinking your remote machine is a BMW firmware server."

    The "remote attack" requires physical access, specialized skills, and intense hardware interaction. It is not something that some Romanian skript kiddie can pull off from their mom's basement.