Maximum number of cars added to compare list.

What's your postcode?

We need your postcode in order to provide accurate search results.

Enquire

Enter your first name
Enter your last name
Enter your phone number

Got a part exchange?

Tell us your reg plate and receive a part exchange valuation on your car?

What's this?

Compare cars side by side to save time clicking backwards and forwards between them.

Carmakers urged to accelerate drive to keep vehicle data secureBack

Mini1A UK government adviser has warned that car manufacturers are paying insufficient attention to keeping vehicle technology secure after it emerged that BMW took five months to fix a basic software glitch affecting millions of Mini and Rolls-Royce models.

The German ADAC motoring association told BMW in July last year that it had discovered a flaw in the Bavarian carmaker’s ConnectedDrive software, which allows the car to wirelessly transmit and receive data and also enables an app that can unlock the car using the driver’s smartphone.

The glitch meant that some 2.2m BMW vehicles equipped with the technology worldwide — including Mini and Rolls-Royce cars — could potentially be remotely unlocked by hackers in minutes.

But it was not until December 8 that the BMW carmaker began fixing the flaw through wireless updates that switched on a basic security protocol commonly used for online banking and web page authentication.

“The need to get things to market quickly, the constant need to deliver new functionality, is resulting in insufficient attention being paid to making the software trustworthy,” said Tony Dyhouse, director at the government-led Trustworthy Software Initiative, which works with the Business department and the Centre for Protection of Critical National Infrastructure.

“It’s pretty basic common sense to encrypt communications,” he added. “Why wasn’t a company like BMW doing that?”

BMW said it had taken “swift action in developing a fix for the software issue as soon as it was identified and applied it to all affected vehicles”, and that reprogramming began well before December. It added that while it was relatively straightforward to roll out the patch for the vehicles, it was much harder to develop the fix.

It has also said it was not aware of any instances of the flaw being exploited. “BMW continually updates its security software systems in response to new threats that arise,” the carmaker said.

But the news will cause concern as carmakers worldwide wrestle with the challenge of creating increasingly sophisticated vehicles in an attempt to stay ahead in the era of the connected car.

Vast technological change in the industry, as well as the pressure of new entrants into the sector, such as Google, is pushing manufacturers into new areas of software and big data.

Although there are no known instances of a car being commandeered remotely by hackers, vehicles have been “hacked” in trial settings by researchers.

But Mr Dyhouse said it was wrong to assume a public car hacking had not happened. “In many cases, the definition of a good hack is it’s not discovered,” he said.

The warning came after two US senators last week proposed legislation that would establish federal standards for cyber security in cars. One of the senators, Ed Markey, had earlier published a report that found widespread failings in security and customer privacy in the wireless car technology employed by 16 manufacturers involved in the study.

“We need the electronic equivalent of seat belts and airbags to keep drivers and their information safe in the 21st century,” said Mr Markey.

Posted by Sue Robinson on 20/02/2015