Security Flaw In MINI Connected Leaves MINIs Open To Hacking
Cars are becoming more connected each day and just like with computers, smart phones and other “internet of things” connected devices it makes them targets of hackers. The 2014 – 2015 F55 and F56 feature a version of “MINI CONNECTED” that allows the BMW Group’s servers to provide live updates, web connectivity and features such as unlocking or preconditioning of cars. It’s this feature that has been exploited.
The problem was discovered by the Allgemeiner Deutscher Automobil-Club (ADAC), the German motoring association, similar in concept to AAA stateside but more powerful and all encompassing. The discovered attack took advantage of the remote unlocking feature of BMW’s Connected Drive / MINI Connected. It is reported that the hack was accomplished by reverse engineering the telematics software and then emulating a BMW server. The hack was reported directly to BMW so the necessary precautions could be taken.
BMW has closed the hole and is patching 2.2 million cars via an over the air update. The update is reported to now encrypt the data using the HTTPS protocol. It’s a scary thought that the BMW Group programmers did not think to encrypt such a feature to begin with.
While this hack only attacked the lock/unlock feature of the car it begs the question what would happen if another feature was also hacked that could impact driving safety or if this hole allowed the car to also start? The BMW Group and other auto makers need to take notice that cars are now targets of such hacks and that they need to be locked down just like other connected devices.
We can only hope that this is a one off event and that the BMW Group realizes the cars may be vulnerable in other ways and consult with software security firms to tighten up the code- MINI Connected is no longer a marketing tool or side project it is a feature of many cars that can be exploited by those not on the up and up.
The Fix
The conversion of the affected vehicles to encrypted communication is being carried out by BMW as an over the air software update and should be largely operational by January 31st.
Full list of cars affected
BMW
1 Series Convertible, Coupé and Touring (E81, E82, E87, E88, F20, F21) 2er Active Tourer, Coupé and Convertible (F22, F23, F45) 3 with Convertible, Coupe, GT, Touring and M3 (E90, E91, E92, E93, F30, F31, F34, F80) 4 Series Coupe, Convertible, Gran Coupe and M4 (F32 , F33, F36, F82, F83) 5 Series GT and Touring (F07 , F10, F11, F18) 6 with convertible and Gran Coupe (F06, F12, F13) 7 Series (F01 , F02 , F03, F04) I3 (I01), I8 (I12) X1 (E84) X3 (F25) , X4 (F26) X5 (E70 , F15, F85) , X6 (E71, E72, F16, F86), Z4 (E89)
MINI
Three-door and five-door hatchback (F55 & F56)
<p>So how do we get the update?</p>
<p>It is an over the air patch that was already sent out.</p>
<p>How can I verify that the update has been applied?</p>
<p>If your car has connected to the servers you have it. If you go in one of the sub menus and update services it will tell you everything is updated. each version is a little different and I do not think there is a clear way to ID a current version… there is a trick with BMWs to save profiles to a USB and the software version ends up in the file but I am not sure what the version is or the procedure is a MINI or if there is one unfortunately.</p>
<p>BMW has tried to keep the “Connected” stuff in house as much as possible and it is not the most user friendly compared to say a mainstream OS…. that is said to change in the not so distant future.</p>
<p>Does this affect all MINIs with connected (R series and F series)?</p>
<p>You mean they WEREN’T using HTTPS!? Securing communication over the internet is basic – what were the programmers thinking?</p>
<p>so is there a way to remotely unlock a mini’s door? not talking about a hack, just if you got locked out.</p>
<p>no there isn’t, that only applies to bmws :(</p>
<p>BMW has downplayed security issues in the past:
<a href="http://www.zdnet.com/article/hackers-steal-keyless-bmw-in-under-3-minutes-video/" rel="nofollow ugc">http://www.zdnet.com/article/hackers-steal-keyless-bmw-in-under-3-minutes-video/</a></p>
<p>This sort of thing (security related issues) are only going to get more important over time so they’d better get their act together.</p>
<p>hmm… I have a 15 with the Media package so it has Connected but there is no function for door locks, so what’s all the fuss about? They can hack into my fb or Spotify? lol</p>
<p>It’s a function that isn’t currently available for MINI customers. But BMW owners can unlock and lock their cars from their phones – in fact they’ve been able to since at least 2011.
All that said it doesn’t matter that it’s not available for owners. If it’s in the system it can be exploited of its unpatched.</p>
<p>without the integrated cellular connection, how will it be patched? without the integrated connection, how would a hacker take advantage of it?</p>
<p>ok, seems weird that the car isn’t capable of this feature yet they must patch it… better safe than sorry I suppose. I rarely use the feature on my bmw</p>
<p>It is capable. It’s just not publicly available.</p>
<p>when did mini’s get integrated cellular connections?</p>
<p>Given what we went through with Toyota and Audi regarding Sudden Unintended Acceleration, BMW needs to be VERY careful in how they deal with this…</p>