Friday, 2015-02-20 16:49

ADAC hack – serious security vulnerabilities in BMW‘s "Connected Drive"

Initially, ADAC just wanted to find out which information is revealed by vehicles from the Bavarian automobile manufacturer when they use the telemetry service "ConnectedDrive". However, what the specialists from Heise Magazine Publishing discovered was far more astounding. The specialists equipped with sufficient knowledge about hardware, embedded software and cryptography, found out that the cars can be unlocked easily and fast by using a mobile GSM base station and a laptop.

"The required equipment fits in a briefcase or a backpack" is reported in the c’t issue 05/2015. The specialists exploited some glaring security vulnerabilities:

  • partially, outdated encryption was used
  • the keys were found in an external flash module that could be read easily and fast
  • the keys were identical for every car
  • a connection to the BMW backend was unencrypted (plain text HTTP)

The analysis of BMW’s ConnectedDrive is part of a series of security analyses of embedded systems from German manufacturers where security vulnerabilities were discovered (cf. Heise News "Vaillant heating with security leak" April 15, 2013). SEVENSTAX will be happy to provide assistance on how to avoid such deficiencies right from the start.