BMW's latest electronic security system could be bypassed by thieves wielding little more than a typical smartphone.
Whilst the system is a rather involved one, it could allow enterprising crooks to open a vehicle's doors, windows and boot. It works by using the new 'iRemote' system on i3 and i8 vehicles. This app enables owners to control certain aspects of their vehicle remotely, such as turning on the heating, so it's nice and warm when they come to get in.
These features aren't impervious to cracking, though, as one security expert appears to have already broken them, scmagazineuk.com reports.
Ken Munro of Pen Test Partners discovered that social networks can be used to determine the usernames of i3 and i8 drivers. Then, using additional techniques such as social engineering, criminals can be furnished with the passwords needed to unlock their target vehicle.
Another way around it would be to use the information gleaned to trick BMW into suspending its security precautions, which will open the vehicle up to many more attacks.
Munro took on the challenge after learning that similar attacks were possible for a rather expensive Tesla that has recently been released.
Explaining his method, Munro told theregister.co.uk: "iRemote allows owners to monitor battery life, potential range on a map, plus the ability to lock/unlock the car and turn on pre-heating/cooling, like the standard Connected Drive app.
"The BMW approach seems to be a fair bit more secure than the Tesla approach. They've clearly given the process quite a bit of thought, certainly more than Tesla, though perhaps not quite enough."