By tapping into a security flaw in a digital-service system, hackers could wirelessly open BMW, Mini and Rolls-Royce vehicles in minutes, according to a report by German auto club ADAC.

About 2.2 million vehicles equipped with BMW’s ConnectedDrive service were vulnerable, ADAC said. 

The Munich-based carmaker said it upgraded the system to close the security gap and that the software update will take place automatically when a vehicle connects to BMW’s server.

“The BMW group has responded promptly and increased the security,” the company said in a statement.

While BMW said the flaw wouldn’t have made it possible to drive off in the car, the security gap highlights risks associated with the increase in digital services in cars. Wireless-enabled features such as remote access or pre-heating the interior on a cold winter morning require new layers of security systems to safeguard the customer and the vehicle.

The increasing use of electronics allowed hackers to reprogram access codes from on-board computers a few years ago. That put vehicles at risk of theft until car companies including BMW boosted security.

Cars shown to be vulnerable in the ADAC study included models with ConnectedDrive such as the Rolls-Royce Phantom, Mini hatchback and most BMWs, including the i3 electric car. The vehicles were produced between March 2010 and December 2014, ADAC said.

BMW said that it wasn’t aware of any cases in which the flaw was exploited. 

(Bloomberg)