BMW's Remote Access to our Vehicles?

[Best4x4xFAR]

So every year vehicles are more and more 'connected' than ever. I get that (don't necessarily like it, but get it). So I came across this article:

BMW Remotely Locks Stolen Car With Alleged Thief Still Inside

Okay, I had a laugh, but it brought up memories of the FBI 'forcing' GM's Onstar to 'bug' certain vehicles of suspected criminals, and I'd assume the same capability exists here with the BMW assist system..

What has always really bothered me about the remote connectivity of the vehicles though is vulnerability to hacking/attack.

And then I read this article and it says at the end, "In 2015, BMW announced that it was increasing security on ConnectedDrive after the German Automobile Association found it could wirelessly send any command through the system, which apparently used no encryption. And in July, a security researcher discovered that BMW’s own ConnectedDrive web portal appeared to have vulnerabilities that allowed attackers to hack vehicles through a browser."

Another Article on the vulnerability

And Another..

Uh, Am I the only one this disturbs?

So I have a 2013 Model. I don't pay for BMW Assist, but Realize that the system is likely still accessible by BMW.

• Connected Drive was first incorporated into US vehicles in 2014 I believe, so maybe this doesn't affect my car at all? Or is it still vulnerable though the BMW assist interface that is in my 2013 E70?
• Does anyone know if these security issues have been addressed in any software updates?
• And if so how do I tell if it has been addressed on my vehicle?
• Can the SIM Card be removed, to 'cut the link' on the vehicle, and if so where is it?
• Would removing the SIM Card have any adverse effects, beyond the loss of BMW Assist capability?

**Forgive me if this has been discussed, I searched but didn't really find anything, but it could have been my search skills**

Edit: Appears my 2013 does have Connected Drive..

[740iS]

Well, first, if your 2013 has had the updated combox installed (would have to provide the last 7 of your VIN to BMW Connected Drive to confirm) then it is on the 4G network and still "accessible" by BMW. If your's hasn't been upgraded it is on the 2G network which was shut off a while back and no longer accessible by BMW.

[ard]

while I am a bit of a privacy nut, I dont get too excited about them having 'access' to the car itself....



What DOES concern me is the ability of our cars (OUR cars!!!) to store data, and then that data then being accessible to others at some future point in time. These things are owned by us, the data is ours- yet we cannot see this, cannot control it, cannot erase it, cannot prevent it from being recorded.

[740iS]

I agree with you there!

[aloyouis]

Quote:

Originally Posted by ard

while I am a bit of a privacy nut, I dont get too excited about them having 'access' to the car itself....



What DOES concern me is the ability of our cars (OUR cars!!!) to store data, and then that data then being accessible to others at some future point in time. These things are owned by us, the data is ours- yet we cannot see this, cannot control it, cannot erase it, cannot prevent it from being recorded.

100% agree. When will this data be used against us?

It WILL be at some point.

[ard]

Quote:

Originally Posted by aloyouis

100% agree. When will this data be used against us?

It WILL be at some point.

Ha. Been happening for years.


I looked into this for a friend, having issues with insurance after an accident. You can hire an accident investigator to download the data, analyze it. You can sue, and as part of discovery you can demand access to the OTHER driver's data.






Im starting a service- for $2500, we will hack into your DME via cell connection, scrub the memory, make it look like the module just up and fried....untraceable erasure....we only take bitcoin at present.