May 23, 2018

Security vulnerabilities on some BMWs could allow remote access

Photo: Alexander Pohl/NurPhoto via Getty Images

There are 14 vulnerabilities in BMW’s vehicles that allow remote hacks that could affect drivers’ control of the vehicles, Tencent’s Keen Security Lab has found. The vulnerabilities were found in the location tracking systems; infotainment systems, including voice recognition services; and, in some cases, malicious hacks could be launched using "serious vulnerabilities" in the USB interfaces.

The big picture: BMW won't be the last auto company to have security gaps unearthed. As connected cars become more and more ubiquitous, we will see more researchers focusing on potential flaws in security design in automobiles.

About the potential attacks:

  • While nine required physical access to the car, five could be launched remotely via Bluetooth or a cellular network.
  • The vulnerabilities affect some i, X, 3, 5 and 7 Series designs, per the lab.

BMW’s response: BMW has verified the flaws and even given Tencent an award. The automaker has launched some over-the-air updates — and software updates will be available at dealerships.

  • What's next: BMW notes in its release on the award that there is room for future collaboration with Tencent on research.

Go deeper

Minneapolis unrest as hundreds protest death of George Floyd

Protesters and police clash during demonstration on Wednesday over the death of George Floyd in custody outside the Third Police Precinct. Photo: Kerem Yucel/AFP via Getty Images

Minneapolis police clashed for a second night with protesters demonstrating the death of George Floyd, an African American man who died in police custody.

The latest: Minnesota Gov. Tim Walz tweeted late Wednesday that the situation where the clashes were taking place was "extremely dangerous" as he urged people to leave the area. There were multiple news reports of police firing tear gas at protesters and of some people looting a Target store.

Blue Cross Blue Shield insurers sue CVS, alleging drug pricing fraud

Photo: John Lamparski/SOPA Images/LightRocket via Getty Images

Six Blue Cross Blue Shield insurers have sued CVS Health, alleging the pharmacy chain overcharged them based on "artificially inflated prices" for generic drugs and concealed the true cash prices of those drugs.

The big picture: CVS has faced legal scrutiny over its cash discount programs since 2015, and this lawsuit adds big names to a mounting problem.

World coronavirus updates

Data: The Center for Systems Science and Engineering at Johns Hopkins; Map: Axios Visuals

New Zealand has only eight active novel coronavirus cases and no COVID-19 patients in hospital after another day of zero new infections. However, the death toll rose to 22.

Zoom in: A top health official told a briefing a 96-year-old woman "was regarded to having recovered from COVID-19 at the time of her death, and COVID-19 is not recorded as the primary cause of her death on her death certificate." But it was decided to include her in the overall tally of deaths related to the virus.