Just found an article on AOL regarding Bluetooth technology and viruses. 2nd. paragraph deals with BMW's idrive. The article was long but I just posted some of it. Interesting read for all that have GPS, etc. installed in their BMW's


Are Your Car?s Electronics Safe?
By ERIC PETERS


Most people don't realize how "wired" every modern car is -- with a computer controlling everything from basic engine operation to when and how firmly the transmission shifts to the operation of things like cruise control. Many new cars are also equipped with onboard (and computer-controlled) navigation and communication systems that interface with cell phones, PDAs -- even the Internet.


The concern is that this electronic back-and-forth with the outside world -- and wireless communication systems -- could enable a hacker to access a vehicle's onboard systems and infect them with a computer virus. Many of these systems (for example, BMW's iDrive interface, which uses a "mouse" on the car's center console to control a menu of in-car operations) are based on a version of Microsoft software -- and anyone using Windows online knows all about viruses and the havoc they can wreak.


Bluetooth short-range wireless communication technology -- which among other things enables drivers to access cell phone-based address books with their in-car phones -- was tested recently to see whether a virus could be introduced into a vehicle's onboard electronic systems.

A Toyota Prius hybrid -- one of the most intensively "wired" vehicles currently on the road -- was used for the test. Researchers with the Finnish computer security firm F-Secure tried to introduce multiple versions of the Cabir virus -- a worm released in 2004 that targeted cell phones and PDAs -- into the Prius via Bluetooth wireless interaction with the car's onboard systems.


The good news is that nothing happened.


"No matter what we did the car did not react to the Bluetooth traffic at all," said F-Secure's Jarno Niemela. In fact, the researchers weren't even able to get the Cabir virus into the car's operating systems when they used a special program designed to transfer the corrupted file.


These tests confirmed Toyota's insistence that claims its vehicles were susceptible to being hacked into via phone viruses traveling over the Bluetooth system are unfounded.


At least so far.


Many computer experts believe the very nature of onboard technology makes it as vulnerable as any desktop computer, laptop, PDA or smartphone that's connected to or communicates with the online world -- especially the wireless online world.

Thanks for sharing...that will be my evening reading...

This is actually well discussed in the WiFi and mobile tech industry. Some sample discussion can be found here and a pretty good write-up on this security forum

Yeah, no doubt, scary stuff. You would think people have better things to do with their time (and talent).

What happened to devices asking for passwords before initiating any type of actions? My old motorola V600 I believe (the numbers are worn off). But whenever I forget my password for my cell I cant access my Mac or vice versa'. Just curious.

This was also discussed a bit here on these forums way back in June of 2004...

http://forums.e60.net/index.php?showtopic=1356

Interesting... you started more than one topic on this issue...

See here too Post #4... very important!!!

http://forums.e60.net/index.php?show...14503&hl=virus

another one here... not started by Rudy tho.

http://forums.e60.net/index.php?showtopic=6739&hl=virus

Oh yeah, I forgot about those other one's and didn't search past the first one I found...

Thanks for linking to them!

Of course of course... anything for Rudy. :thumbsup:

Like many computer security articles, this strikes me as FUD.

i-drive does indeed use a (very hacked) version of Win/VxWorks - but this bears no relation to Windows XP for example - the notion that it's inherently insecure is total b*ll*cks.

Regarding bluetooth - the car has to be paired with a device before it will talk with it, or nothing happens. Also, bluetooth is only active in your e60 when the ignition is on, I.E you'll likely be driving it at the time.

So unless some cracker can come up with a way of a) hijacking my bluetooth, b) hacking i-drive and c) do this whilst I'm driving past them, then I'll be sleeping easy :)

Right. I shudder when I think about the fingernail-scraping grasp tech writers have on the world they're bringing to the masses. I often wonder what other areas of reportage this extends to... (medical reporting?) But I digress.

There are no fewer than 7 different operating systems in the E60, and as shiny so accurately pointed out, VXWorks is at the core. VXWorks went to Mars. No, not Mars, PA... the planet Mars. The spooks where I work can do some gnarly stuff with regard to bluetooth, but insertinig a virus or piece of runtime code onto our cars is pretty unlikely. Oddly enough, the WinCE devices are the only ones that have been cured of the early Bluetooth bugs - I've seen sweeps, the ones that don't show vulnerabilities are running CE.


Even without vulnerabilities, there are brute force methods of inserting yourself into bluetooth communications, but those are no longer Microsoft issues. They are issues with the spec itself.