The ADAC (German equivalent of the AA) asked Heise Press (a well-respected computer magazine publisher) to find them an expert to look into what the cars were sending home to BMW.
Heise found an expert and, lo and behold, he found, like Superfish last week, that BMW uses the same private key for all BMWs with ConnectedDrive! That means any car set up to use the smartphone-to-unlock feature can be overridden! I read the article in German a couple of weeks ago, but I just found out that they have a translated version and it is no longer behind their paywall (subscribers get exclusive access for the first 2 weeks, then it is free for everyone).
http://www.heise.de/ct/artikel/Beemer-O ... 40957.html

Basically the modem chip does the encryption, uses weak security and can be hacked by a MitM attack using a Linux laptop with a 3G/4G card. It took the security expert a while, he had to dismantle a working ConnectedDrive box and do some real work, but he found the weaknesses and could open BMWs easily.
You need to do some real hardware hacking to get the information, but once you have it, you can open any BMW that uses ConnectedDrive - the ones with the complete Infotainment system aren't susceptible to this attack, according to the security specialist.