May 23, 2018 - Technology

Security vulnerabilities on some BMWs could allow remote access

BMW weel and logo.

Photo: Alexander Pohl/NurPhoto via Getty Images

There are 14 vulnerabilities in BMW’s vehicles that allow remote hacks that could affect drivers’ control of the vehicles, Tencent’s Keen Security Lab has found. The vulnerabilities were found in the location tracking systems; infotainment systems, including voice recognition services; and, in some cases, malicious hacks could be launched using "serious vulnerabilities" in the USB interfaces.

The big picture: BMW won't be the last auto company to have security gaps unearthed. As connected cars become more and more ubiquitous, we will see more researchers focusing on potential flaws in security design in automobiles.

About the potential attacks:

  • While nine required physical access to the car, five could be launched remotely via Bluetooth or a cellular network.
  • The vulnerabilities affect some i, X, 3, 5 and 7 Series designs, per the lab.

BMW’s response: BMW has verified the flaws and even given Tencent an award. The automaker has launched some over-the-air updates — and software updates will be available at dealerships.

  • What's next: BMW notes in its release on the award that there is room for future collaboration with Tencent on research.
Go deeper