BMW pushes security patch to hackable connected cars

Connecting stuff to the internet can sometimes introduce fun new vulnerabilities, and so it has proven in the case of millions of BMW cars.

On Friday the German auto outfit announced it was sending an over-the-air update to cars featuring its SIM-based ConnectedDrive module. This allows drivers to remotely unlock their car, but the German automobile club ADAC had reverse-engineered the telematics software and warned [company]BMW[/company] that a flaw made it possible for third parties to unlock vehicles.

In a statement, BMW stressed that there wasn’t a flaw in its hardware, nor would any driving-related functions have been affected. The update, which introduces HTTPS encryption to the car’s connection with BMW’s servers, is automatically downloaded as soon as the car module talks to that system.

Hackers were in theory able to dupe the car into unlocking by creating a fake mobile network, according to Reuters. There is no evidence that the flaw has been exploited, though it was present in up to 2.2 million BMWs, Minis and Rolls-Royces. According to PC World, BMWs in the U.S. will get the update this week.

On the one hand, it’s great that BMW was able to distribute the update so efficiently. On the other, a system such as this should really have been communicating using encryption in the first place. There’s a lesson here for the manufacturers of connected anything.

CES is finally over. Here’s everything you missed

We expected CES this year to be about connecting everything from watches to toothbrushes to virtual worlds. We did see a lot of connected, crazy gadgetry and more: the FCC’s Tom Wheeler hinted at his net neutrality decision and even Twitter won an Emmy to wrap up a long, weird week in Sin City.

Here’s a complete list of our coverage, broken down by topic, so you can get caught up on all the new tech to start the year:
TV and cord cutters
Wearables
Internet of Things
Phones and tablets
Computers
Connected Cars
3D printers, VR and a dose of science

TV and cord cutters

DISH President and CEO Joe Clayton makes his entrance playing a drum with kangaroo characters at a press event for DISH at the 2015 International CES on January 5, 2015 in Las Vegas, Nevada.

DISH President and CEO Joe Clayton makes his entrance playing a drum with kangaroo characters at a press event for DISH at the 2015 International CES on January 5, 2015 in Las Vegas, Nevada.

Wearables

Smartwatches the Burg 12, left, the LG G Watch R, center, and the Moto 360 are arranged for a photograph during CES in Las Vegas on Jan. 6, 2015.

Smartwatches the Burg 12, left, the LG G Watch R, center, and the Moto 360 are arranged for a photograph during CES in Las Vegas on Jan. 6, 2015.

Internet of Things

Mother smart home solution glows on a shelf during CES on Jan. 6, 2015.

Mother smart home solution glows on a shelf during CES on Jan. 6, 2015.

Phones and tablets

A LG G Flex curved smartphone is displayed at the 2015 Consumer Electronics Show (CES) in Las Vegas, Nevada on  Jan. 8, 2015.

A LG G Flex curved smartphone is displayed at the 2015 Consumer Electronics Show (CES) in Las Vegas, Nevada on Jan. 8, 2015.

Computers

The Hewlett-Packard Co. (HP) Pavillion Mini Desktop computer is displayed at the 2015 Consumer Electronics Show (CES) on Jan. 8, 2015.

The Hewlett-Packard Co. (HP) Pavillion Mini Desktop computer is displayed at the 2015 Consumer Electronics Show (CES) on Jan. 8, 2015.

Connected cars

Jen-Hsun Huang, chief executive officer of Nvidia Corp., introduces the Drive CX Digital Cockpit Computer during a news conference ahead of CES on Jan. 4, 2015.

Jen-Hsun Huang, chief executive officer of Nvidia Corp., introduces the Drive CX Digital Cockpit Computer during a news conference ahead of CES on Jan. 4, 2015.

3D printers, VR and a dose of science

An attendee tries out a Samsung Gear VR headset during the 2015 Consumer Electronics Show (CES) on Jan. 6, 2015.

An attendee tries out a Samsung Gear VR headset during the 2015 Consumer Electronics Show (CES) on Jan. 6, 2015.

Unlike the U.S., Europe doesn’t plan to mandate connected cars

The European Commission has announced a set of standards for connected car systems, but privacy enthusiasts will be glad to hear such systems won’t be mandated by law, unlike in the U.S. However, practically speaking, connected cars will become the norm.