

Security loopholes in BMW’s Connected Drive

Thursday, 05 February 2015

Security loopholes found in BMW’s Connected Drive Telematics system – FIGIEFA supports the creation of an interoperable and secure telematics platform for connected vehicles that incorporates state-of-the-art technology and at the same time addresses the competition challenge created by closed proprietary systems.
Security flaws exposed in BMW’s Connected Drive system illustrate how closed, proprietary telematics systems do not necessarily ensure 100% data security, nor are they necessarily based on state of the art security standards. FIGIEFA advocates the creation of an interoperable, standardised and secure telematics platform, as suggested in the new eCall Regulation. Such an in-vehicle platform would ensure security through state of the art standards (including validation by impartial expert authorities), as well as maintaining today’s competitive services offered by aftermarket operators into the new digital age.

On 30 January, the FIA published the findings of a study performed by the German Automobile Club (ADAC) which revealed security loopholes in BMW vehicles equipped with Connected Drive telematics technologies. These flaws in the software would have allowed thieves to unlock doors and track car data through a mobile phone without leaving a trace.

While BMW announced that these security loopholes were closed by the end of January 2015, the incident exemplifies the deficiencies in vehicle manufacturers’ arguments in current debates in Brussels that only vehicle manufacturers’ closed proprietary systems are truly secure.

FIGIEFA, together with a wide alliance of consumer, automotive aftermarket, insurance and leasing company federations, has long advocated secure, interoperable networks for vehicle connectivity. This proposal has been taken up as a principle by the new European eCall Regulation, which is particularly pertinent, as it makes the installation of the new automatic emergency call mandatory by 2018.

Sylvia Gotzen, Secretary General of FIGIEFA, underlined, ‘An interoperable, standardised, secure telematics platform, as suggested by the eCall Regulation, can provide a secure and open access telematics system and maintain an independent aftermarket necessary for competitive and innovative services, to the benefit of consumers, business and affordable mobility in the EU. We call upon the European legislator to swiftly carry out the mandate received through the eCall Regulation and to avoid delays in the technical implementation.’


The advent of vehicle telematics – connecting the car wirelessly – is a game-changing development, providing many advantages to consumers and businesses, but also threatening the current level playing field in the automotive aftermarket. Currently, independent operators, such as repairers, road patrols or leasing companies, do not get the same wireless access to the vehicle’s technical data as vehicle manufacturers enjoy. This allows vehicle manufacturers to choose which companies eventually receive the data, under what conditions and timescales, and what services are allowed to be offered to consumers – thereby giving them exclusive control over their vehicles’ data.

As a result, there is the threat of a monopolisation of the important ‘online’ data, which is crucial for ascertaining the ‘health status’ of the vehicle while it is being driven and vital for the independent AutoService sector to continue to provide competitive, new and innovative services.

To counter this threat, whilst maintaining the potential advantages inherent in this technological advance, FIGIEFA and the sector alliance have developed the interoperable, standardised, secure platform concept. The interoperable in-vehicle platform would allow drivers to choose to whom they send their vehicle data, and under what terms and conditions, whilst maintaining the highest – constantly updated, state of the art – security standards for both communication to and from the vehicle, as well as within the vehicle. The required levels of safety and security would be further strengthened through the validation of applications by an independent authority prior to them being implemented. Together, these measures would provide a complete safety and security structure whenever communicating or exchanging data with the vehicle.