— Certain BMW vehicles have security gaps that could allow hackers to mess with the cars, even from hundreds of yards away.
Fortunately, these were friendly hackers who identified 14 security vulnerabilities in the vehicles by using various methods, including by Bluetooth wireless and the vehicles' data links.
Additionally, BMW allowed researchers physical access to the vehicles and discovered hackers could plug infected USB devices directly into the vehicles and take control from drivers.
Researchers from Tencent Keen Security Lab say they found vulnerabilities in the central gateway modules, head units and telematics control units. According to Keen Security, their researchers had success by going through security gaps of the infotainment systems.
Affected models include the BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series and BMW 7 Series going back to 2012.
Hackers could partially take control of a vehicle as the car was moving by sending diagnostic messages to the cars. It may not make BMW look too good, but the automaker says that's the point of allowing security researchers the chance to hack the vehicles.
BMW says the research is the most complex and comprehensive testing ever conducted on BMW cars by outside researchers. Saying it was "outstanding research work," BMW awarded Tencent Keen Security Lab the "BMW Group Digitalization and IT Research Award."
BMW says countermeasures for security attacks through cellular networks started rolling out in April 2018. The fixes comprise updates sent remotely to the affected vehicles. Other measures will come through BMW dealers in the form of software updates, but the automaker didn't release details about potential recalls.