BMW web portal vulns pose car hack risk – researchers

Two unpatched vulnerabilities in BMW's ConnectedDrive web portal create a mechanism to manipulate car settings, a security researcher warns. The first (and more serious) vulnerability creates a means for a hacker to access another driver’s Vehicle Identification Number (VIN) before changing in-car settings such as lock/ …

  1. Anonymous Coward
    Alert

    Technology, eh?

    This is exactly why my next 'new' car will be an Austin Allegro or Escort Mk III from fleaBay.

    1. Anonymous Coward

      Re: Technology, eh?

      Well, at least you won't contribute significantly to global warming.

      1. Anonymous Coward

        Re: Technology, eh?

        "Well, at least you won't contribute significantly to global warming."

        Are you kidding me? The last Allegro I owned left a cloud of smog behind it that would put a VW to shame. That said, that was just before two conrods and associated parts exited through the side of the crankcase.

        There was a reason they earned the nickname "All Aggro" ...

        1. Anonymous Coward

          Re: Technology, eh?

          That was my point - few of them ever managed a high mileage.

          My mother, while I was away, was persuaded to swap her beautiful Morris Minor with leather seats that I had kept in perfect mechanical condition for years, for an Agro. She's dead now and I've kind of forgiven her. I could not make her understand what she'd done. It got the driver's door kicked in by a horse, which proves that even horses have some taste.

  2. A Long Fellow

    Obligatory Luddite Quote from Star Trek III

    Scotty: "The more they overthink the plumbing, the easier it is to stop up the drain."

    Make mine a horse or a bicycle.

  3. Fred Dibnah
    Thumb Up

    Might be useful

    A hacker could at least make the indicators work.

    1. Graham Lockley

      Re: Might be useful

      Case of mistaken brand I think, it's Audis that have the indicators turned off by default.

      1. Anonymous Coward

        Re: Might be useful

        No, our neighbour switched from an Audi to a BMW and the indicators don't work any better.

        1. robidy

          Re: Might be useful

          Oh s*** we need genetic engineering after all :)

  4. gollux
    Mushroom

    We are creating a world...

    That we richly deserve... While the planet dies off from under us, the dispossessed rise up against us, we create navel gazing cars that quickly gain the ability for others to transport us to misery.

  5. mark 177
    WTF?

    VIN Confused

    I don't understand how entering a VIN can be part of the authentication process.

    After all, it is sitting there at the base of your car's windscreen, in the plain view of everybody.....

    1. Zimmer

      Re: VIN Confused

      Have an Upvote, I was thinking the same......

    2. The Original Steve

      Re: VIN Confused

      Not on my BMW. Was actually bloody annoyed that I had to pop the bonnet to be able to set up the connected drive services. Why the on board computer (iDrive) can't display it I have no idea.

      1. mark 177

        Re: VIN Confused

        Can't display it 'cos it's not a Tesla.

        Will display it soon, as BMW+Mercedes are now shit-scared of Tesla.

    3. Anonymous Coward

      Re: VIN Confused

      A VIN should not be used for the same reason that a social security number in the US or NI number in the UK should never be used as a primary key. And anybody who hasn't thought about it enough to work out why should never be allowed near the system architect job.

      1. Anonymous Coward

        Re: VIN Confused

        "A VIN should not be used for the same reason that a social security number in the US or NI number in the UK should never be used as a primary key."

        Seems a perfectly good candidate for a primary key to me - that's what they are by definition. They should not be used for authentication on their own.

  6. ckdizz

    So basically it's like a BMW. Flashy, expensive, looks great but won't last a year and might kill you.

  7. Al fazed
    Happy

    Who wants a BMW ?

    If anyone of such persuasion was to change the delivery address and tie a new owner to the VIN, I can think of a couple of people that could do with a FREE car as payment for all that they have contributed to this Cuntery. The list would include people like the executives in HR at BMW plant Oxford and several politicians (whose names I have to look up 'cos I haven't been paying that much attention). Anyways safe to say that these twats deserve nothing less - oh yeah and they could also come with a chatty android (unpaid) driver named Tay for good measure, as an expression of their faith and confidence in UK govermins IT schemes.
