The problem is the app: Using the iOS application iRemote and the associated portal ConnectedDrive hacker could open doors and windows of the electric cars i3 and i8 plug-in sports car and the vehicles locations. The security analyst Ken Munro used a chain of vulnerabilities to gain unauthorized access to the vehicles , reports the IT magazine Chip .
First Munro need the user name. Well an easy , since BMW automatically forgive the username of iRemote App in the format " firstname.lastname " . As attacker could you , such as writing on Facebook or Twitter, make i3 and i8 owners easily . About the password entry to let then verify whether a name actually exists for a iRemote account: For an existing user name after five incorrect password attempts , the account is locked.
Well Munro use of vulnerability two : BMW mailing at a lock of the account only five letters long reset password, which let easily be cracked by brute- force attacks , as there are always some users , do not change what reset passwords, and with these relatively unsafe move. Munro led this test successfully at the BMW i3 by a friend .
Known problem , already solved by BMW
On request of chip assured spokeswoman for ConnectedDrive BMW , Silke Brigl that this vulnerability had been during standard optimization runs already discovered and fixed, even before the publication of Munros safety analysis. The changes would now be rolled out gradually around the world.
Passwords for iRemote must therefore henceforth be at least 8 characters long and combine letters and numbers. Also, you 'll send no unsafe reset codes more about SMS, but only a reset link via e -mail. And also the user name could no longer be so easy to guess , because he future is arbitrary and no longer consists of first name and last name .
Just recently, BMW had increased the safety of iRemote with an additional PIN lock . This should in the case of mobile phone loss be sure the app and thus the car.
