http://www.theregister.co.uk/2014/05/27/bmw_password_security_shortcomings/
By John Leyden
The Register
27 May 2014
Exclusive New BMW cars have security shortcomings that could allow thieves
to pop open a victim's flash motor from a smartphone.
Ken Munro, a partner at Pen Test Partners, uncovered security issues in
the systems that pair the latest generation of beamers with owners'
mobiles. By stringing together the flaws, a crook could open doors,
windows and the boot, and leave the lights on for an added headache.
Preliminary findings from the ongoing research – which El Reg passed onto
BMW last month – suggest it may be possible to determine the usernames of
drivers through social networks, and then use a mix of social engineering
and other techniques to gain access to vehicles – or trick BMW into
suspending security protections, clearing the way for other attacks.
The car manufacturer said it had passed Munro's research onto its people
in Germany, and played down any risk. "If it was an issue then it's solved
now," a spokesman told The Register. It's understood the company has added
an extra layer of protection: a new check for a PIN when accessing the
mobile application.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
