While a BMW is arguably one of the safest cars you can buy in terms of performance, it's not especially secure when it comes to wireless features. German automotive researchers recently confirmed that malefactors can take advantage of BMW's ConnectedDrive feature to use a smartphone to break into almost any BMW, Mini or Rolls-Royce vehicle that comes equipped with ConnectedDrive.
About 2.2 million vehicles equipped with BMW Group’s ConnectedDrive service were vulnerable, ADAC said.
The carmaker said it upgraded the system to close the security gap and that the software update will take place automatically when vehicle connects to BMW's server.
"The BMW Group has responded promptly and increased the security," the company said in a statement. While BMW said the flaw wouldn't have made it possible to drive off in the car, the security gap highlights risks associated with the increase in digital services in cars. Wireless-enabled features such as remote access or pre-heating the interior on a cold winter morning require new layers of security systems to safeguard the customer and the vehicle.
Cars at risk included models with ConnectedDrive such as the Rolls-Royce Phantom, Mini hatchback and most BMWs, including the i3 electric-car. The vehicles were produced between March 2010 and December 2014, ADAC said. BMW said that it wasn't aware of any cases in which the flaw was exploited.