A security vulnerability in BMW’s Connected Drive system allowed researchers to imitate BMW servers and send remote unlocking instructions to vehicles.
The problem was discovered by the Allgemeiner Deutscher Automobil-Club (ADAC), a German motoring association, and was verified on several models of BMW cars.
The attack took advantage of a feature that allows drivers who have been locked out of their vehicles to request remote unlocking of their car from a BMW assistance line.
“They were able to reverse engineer some of the software that we use for our telematics,” said Dave Buchko , a BMW spokesman. “With that they were able to mimic the BMW server.