BMW has mended a security flaw in its ConnectedDrive car connectivity system that affected 2.2 million cars, including Rolls-Royce and Mini cars, the company announced on Friday.
It concerned software in the car that would have allowed hackers to open car doors. It highlights a oft-voiced concern around connected home products -- sometimes called the Internet of Things -- that household items would become vulnerable to malware or hacking.
The update happens automatically, as soon as the vehicle connects to BMW's servers, and includes the addition of HTTPS -- the secure version of hypertext transfer protocol -- to data transmissions via the ConnectedDrive system.
A German automobile group called ADAC discovered the security flaw last year, opting to wait to disclose the discovery until BMW worked out a fix. The flaw has not been used in any attempted cyberattacks, according to both ADAC and BMW.
"Access to functions relevant to driving was excluded at all times," reads a BMW news release. "There was no need for vehicles to go to the workshop."
BMW published a news release applauding itself for a prompt response to the problem. Of course, not everyone thinks so highly of BMW's actions.
Graham Cluley, a security researcher, believes that HTTPS -- a very common Internet security measure -- should have already been on BMW's radar for ConnectedDrive before this even happened.
"Yes, it’s good that BMW has fixed the problem," Cluley wrote on his blog. "But frankly I think they’re being a little disingenuous talking about 'rapid response' if this issue was first brought to their attention in the middle of last year."
BONUS: What is the Internet of Things?