Taking Control of an M3 by hacking it wirelessly

Nautik · 04-25-2011, 03:08 PM

Anyone know what BMW is doing to prevent this? If you are not familiar with what I am talking about you might want to read this article:

http://www.technologyreview.com/computing/35094/?a=f

It would be nice to know that BMW is making an effort to secure the wireless components of our cars...

ADV.1 Matt · 04-25-2011, 03:21 PM

^^ Didn't even know that was possible. Very interesting (and slightly unnerving).

OC3 · 04-25-2011, 03:36 PM

We're venturing into a scary world... Pretty soon, you almost have to be a wireless/IT security expert to harden your car from external wireless attacks.

Nautik · 04-25-2011, 04:06 PM

Quote:

Originally Posted by OC3

We're venturing into a scary world... Pretty soon, you almost have to be a wireless/IT security expert to harden your car from external wireless attacks.

Yea that is why I would prefer a car who's ECU was completely isolated from any other information systems on the vehicle (such as all the GPS, media, wireless functions, etc.)

That way even though someone may be able to track where I am, disrupt or abuse my phone calls, destroy my media systems, etc. at least they can't take control of the car from me or destroy the engine while I'm driving it...

rye m3 · 04-25-2011, 04:12 PM

So much for getting the 6NR BMW app option!!!

redline9001 · 04-25-2011, 04:17 PM

This is going to be my next speeding ticket defence

My car was hacked and i was not in control

Marsala125 · 04-25-2011, 04:27 PM

Quote:

Originally Posted by redline9001

This is going to be my next speeding ticket defence

My car was hacked and i was not in control

Good One

///My5UV · 04-25-2011, 05:04 PM

OK, Wow. The fact that onstar, sync, and presumably BMW SOS are on the CAN bus and you can work your way backwards through it is the first revelation that actually bothers me. All the previous stuff was limited to getting physical access to the car. Ditto the bluetooth exploit, although I'd want to know more about how they can get paired to a car without access to it.

Brainofjjj · 04-25-2011, 05:12 PM

Just about anything can be hacked given enough time. Almost every system in the world has an exploit or someone working on exploiting it.

OC3 · 04-25-2011, 05:30 PM

Wait 'til cars are operated by Windows OS, lulz

Seattle S65B40 · 04-25-2011, 05:58 PM

I wouldn't worry about it. As the article said, it took 10 researchers two years to do this, including calling the car 130 times and gaining physical access to the vehicle to first learn the pathways.

We're also talking about apples and Oranges when you're referring to GM v. BMW. It's certainly possible, but if BMW stays one step ahead, like they do with their vehicle theft features, this is a non-issue.

Nautik · 04-25-2011, 06:43 PM

Quote:

Originally Posted by Seattle S65B40

I wouldn't worry about it. As the article said, it took 10 researchers two years to do this, including calling the car 130 times and gaining physical access to the vehicle to first learn the pathways.

We're also talking about apples and Oranges when you're referring to GM v. BMW. It's certainly possible, but if BMW stays one step ahead, like they do with their vehicle theft features, this is a non-issue.

I'm hoping so. I'd just like to see something from BMW offering some type of encryption on those wireless features...

M3maniac20 · 04-25-2011, 07:49 PM

Some of the researchers were probably from BMW. lol
I'm sure whatever happens, BMW will be able to counteract it. I thought that Onstar stuff was a little sketchy when it got to the point that you could do everything from your phone....but then again, in 12 years, your phone will probably be the key to your car.

xquisit · 04-25-2011, 09:01 PM

Taken from the article:

"The team analyzed possible attack scenarios as well. For example, they showed that high-tech car thieves could search for desired models of cars, identify their locations, and unlock them, all without any forced entry. They could conduct malicious surveillance, such as forcing a car to send out its GPS location at regular intervals. They could also sabotage a car, by disabling its brakes, for example."

SenorFunkyPants · 04-26-2011, 03:43 AM

Well if BMW (connectedrive) can remotely open your cars doors then the possibility exists for anyone to do it (with access to the right data).

Jbook · 04-26-2011, 11:02 AM

Not worried by this at all

Nautik · 04-26-2011, 12:39 PM

Quote:

Originally Posted by Brainofjjj

Just about anything can be hacked given enough time. Almost every system in the world has an exploit or someone working on exploiting it.

You're absolutely right. But you can also make sure you aren't the low hanging fruit... just have to be a harder target than the next guy.

Nautik · 04-26-2011, 12:43 PM

Quote:

Originally Posted by Jbook

Not worried by this at all

I'm not worried right now either. But what about in 2 or 3 years when people are running around with apps on their smart phones messing with people's cars? It is already super easy to do with standard wireless networks, even encrypted ones.

I guess if you live in a more rural area you wouldn't care much. But if you are in a city that has a bunch of IT savvy people, better watch out!

mrkbbd · 04-26-2011, 01:05 PM

Solution: park underground, no gps signal

04-25-2011, 03:08 PM	#1
Nautik Captain 37 Rep 636 Posts Drives: 2009 AW M3 DCT Join Date: May 2010 Location: NoVA iTrader: (0)	Taking Control of an M3 by hacking it wirelessly Anyone know what BMW is doing to prevent this? If you are not familiar with what I am talking about you might want to read this article: http://www.technologyreview.com/computing/35094/?a=f It would be nice to know that BMW is making an effort to secure the wireless components of our cars... __________________ 2009 e92 M3 - AW DCT - Apex Arc8s - Corsa
	Appreciate 0 Tweet Quote

04-25-2011, 03:21 PM	#2
ADV.1 Matt Lieutenant Colonel 130 Rep 1,512 Posts Drives: N/A Join Date: Feb 2011 Location: Miami, FL iTrader: (0)	^^ Didn't even know that was possible. Very interesting (and slightly unnerving).
	Appreciate 0 Quote

04-25-2011, 03:36 PM	#3
OC3 Havin' a blast! 123 Rep 4,847 Posts Drives: 2013 M3 E92 Jerez Blk DCT ZCP Join Date: Nov 2010 Location: SoCal iTrader: (1)	We're venturing into a scary world... Pretty soon, you almost have to be a wireless/IT security expert to harden your car from external wireless attacks. __________________ BRP 1:56 \| CVR 2:01 \| ACS 1:53 \| WSIR 1:34
	Appreciate 0 Quote

04-25-2011, 04:12 PM	#5
rye m3 Lieutenant 33 Rep 489 Posts Drives: 2011.75 E92 M3 Join Date: Apr 2011 Location: New York iTrader: (2)	So much for getting the 6NR BMW app option!!!
	Appreciate 0 Quote

04-25-2011, 04:17 PM	#6
redline9001 Captain 223 Rep 979 Posts Drives: E92 M3, F15 X5, G14 F150 Join Date: Apr 2011 Location: Calgary, Canada iTrader: (0)	This is going to be my next speeding ticket defence My car was hacked and i was not in control
	Appreciate 0 Quote

04-25-2011, 05:04 PM	#8
///My5UV Lurker 78 Rep 812 Posts Drives: YMB F80, SS E90 Join Date: Nov 2010 Location: Austin iTrader: (0)	OK, Wow. The fact that onstar, sync, and presumably BMW SOS are on the CAN bus and you can work your way backwards through it is the first revelation that actually bothers me. All the previous stuff was limited to getting physical access to the car. Ditto the bluetooth exploit, although I'd want to know more about how they can get paired to a car without access to it. __________________
	Appreciate 0 Quote

04-25-2011, 05:12 PM	#9
Brainofjjj Astronaut 64 Rep 670 Posts Drives: car Join Date: Mar 2008 Location: Dallas iTrader: (5)	Just about anything can be hacked given enough time. Almost every system in the world has an exploit or someone working on exploiting it.
	Appreciate 0 Quote

04-25-2011, 05:30 PM	#10
OC3 Havin' a blast! 123 Rep 4,847 Posts Drives: 2013 M3 E92 Jerez Blk DCT ZCP Join Date: Nov 2010 Location: SoCal iTrader: (1)	Wait 'til cars are operated by Windows OS, lulz __________________ BRP 1:56 \| CVR 2:01 \| ACS 1:53 \| WSIR 1:34
	Appreciate 0 Quote

04-25-2011, 05:58 PM	#11
Seattle S65B40 Major 213 Rep 1,395 Posts Drives: 2008 e92 M3 Join Date: Jan 2011 Location: PNW iTrader: (0) Garage List 2008 BMW M3 [0.00]	I wouldn't worry about it. As the article said, it took 10 researchers two years to do this, including calling the car 130 times and gaining physical access to the vehicle to first learn the pathways. We're also talking about apples and Oranges when you're referring to GM v. BMW. It's certainly possible, but if BMW stays one step ahead, like they do with their vehicle theft features, this is a non-issue. __________________ Club 6MT 2008 E92 M3 6MT, AW/Blk Ext., brushed aluminum 2006 E46 M3 ZCP 6MT Carbon blk/blk(sold) 2001 E46 325Xi 5MT Jet Blk/Blk (sold)
	Appreciate 0 Quote

04-25-2011, 07:49 PM	#13
M3maniac20 Captain 87 Rep 725 Posts Drives: 2013 BMW 335is Coupe Join Date: Aug 2010 Location: Austin, Texas iTrader: (0)	Some of the researchers were probably from BMW. lol I'm sure whatever happens, BMW will be able to counteract it. I thought that Onstar stuff was a little sketchy when it got to the point that you could do everything from your phone....but then again, in 12 years, your phone will probably be the key to your car. __________________ 2016 340i M-Sport 6-MT(on order) 2013 335is (still have) 2011.5 M3 ZCP (traded in)
	Appreciate 0 Quote

04-25-2011, 09:01 PM	#14
xquisit «-·¨¯¯¨·-» 112 Rep 1,718 Posts Drives: 328i / R32 / 1.8T Join Date: Mar 2008 Location: Los Angeles iTrader: (4)	Taken from the article: "The team analyzed possible attack scenarios as well. For example, they showed that high-tech car thieves could search for desired models of cars, identify their locations, and unlock them, all without any forced entry. They could conduct malicious surveillance, such as forcing a car to send out its GPS location at regular intervals. They could also sabotage a car, by disabling its brakes, for example." __________________ [N51]BMW Perf. Grilles - Debadge - AA exhaust - OEM M Sport front bumper {Euro Style: Reflectors shaved off} - Medium tint - Custom Headlights - BBS LM Reps 19x8 ET32 19x10 ET30 [LCI]
	Appreciate 0 Quote

04-26-2011, 03:43 AM	#15
SenorFunkyPants Brigadier General 2511 Rep 4,381 Posts Drives: 2019 M5 Join Date: Mar 2009 Location: UK iTrader: (0)	Well if BMW (connectedrive) can remotely open your cars doors then the possibility exists for anyone to do it (with access to the right data).
	Appreciate 0 Quote

04-26-2011, 11:02 AM	#16
Jbook Lieutenant Colonel 163 Rep 1,506 Posts Drives: '15 FO M4 Join Date: Sep 2010 Location: NorCal Bay Area iTrader: (23) Garage List 2011 BMW E90 M3 [9.44]	Not worried by this at all
	Appreciate 0 Quote

04-26-2011, 01:05 PM	#19
mrkbbd Lieutenant 10 Rep 483 Posts Drives: e92 M3 DCT Join Date: Oct 2009 Location: VA/FL iTrader: (0) Garage List 2008 Mercedes E63AMG [0.00] 2009 M3 [0.00]	Solution: park underground, no gps signal __________________ 2006 e53 X5 4.8is (sold) 2009 e92 M3 2008 E63 AMG
	Appreciate 0 Quote