BMW reportedly has fixed a serious security flaw that could have allowed hackers to seize control of some of its cars’ systems.
According to techweekeurope.co.uk, the flaw could have allowed hackers to open doors of 2.2m vehicles across all three group brands – Rolls-Royce, Mini and BMW – and also allowed hackers to access the onboard vehicle computer system, which manages everything from engines and brakes to air conditioning.
The tech website said BMW responded to reports from German automobile association ADAC, which had spotted a potential security gap when data is transmitted.
The flaw concerned the ConnectedDrive software that used on-board SIM cards allowing drivers to activate door locking mechanisms and a number of other services.
The security risk apparently occurred when data was transmitted, but BMW said that it did not impact the car’s critical functions such as driving, steering or braking. ADAC security researchers were able to simulate the existence of a fake phone network which BMW cars attempted to access, allowing hackers to manipulate functions activated by a SIM card.
According to techweekeurope.co.uk, BMW said it had fixed the problem by encrypting the communications inside the car using the same HTTPS (Hypertext Transfer Protocol Secure) standard used in web browsers for secure transactions such as online banking.
The software update is done automatically when the vehicle connects to a BMW Group server or the driver calls up the service configuration manually.
“No cases have come to light yet in which data has been called up actively by unauthorised persons from outside or an attempt of this kind [was] made in the first place,” the car maker reportedly said.