Monday 2 February 2015

BMW Remote Unlock Wasn’t Using Secure HTTP

Ah, the old HTTP versus HTTPS. If you want to keep people out, that trailing ‘S’ should be the first thing you do, especially if you’re trying to keep people out of a luxury automobile. It turns out that BMW screwed up on that one.


BMW has an infotainment feature called ConnectedDrive which builds your favorite apps and services right into the dashboard. You can even unlock the vehicle using this system which is built around a piece of hardware that includes a GSM modem and permanent SIM card. A security research group recently discovered that the commands sent for …read more






Read the full article here by Hackaday

No comments: