Regular readers of Scamicide will remember that I have written much about the Internet of Things and the problems it poses for scams and identity theft. As more and more products and devices include a convenient connection to the Internet that permits, for instance, people to remotely control the heating and cooling systems in their homes, the problem of criminals hacking into these devices for illegal purposes has increased dramatically. Unfortunately, as many of these products, including our cars, are having Internet capabilities built into the products, not enough care has gone into developing proper security. A German automobile club has discovered a security vulnerability in BMW’s Connected Drive system, which could be exploited to unlock several models of BMW cars.
In addition, earlier this week, Massachusetts Senator Edward Markey’s office issued a report that determined that the efforts of automakers around the world to prevent hackers from gaining control of cars electronically were “inconsistent and haphazard.” Further, Markey concluded that most automakers did not even have systems for either detecting security breaches or responding to those breaches.
Fortunately, BMW will be remotely sending out 2.2 million software patches to correct this security flaw by adding https encyption to the car’s electronic communications that will prevent the car from accepting connections from servers without the appropriate security certificate. I expect that we will be hearing much more about the vulnerability of the Internet of Things in the months ahead. As consumers we should ask the makers of any Internet connected product or device that we use about the security precautions they are taking and what we should be doing.