BMW API restrictions: Difference between revisions
Added archive URLs for 18 citation(s) using CRWCitationBot |
Added archive URLs for 4 citation(s) using CRWCitationBot |
||
| Line 13: | Line 13: | ||
BMW ConnectedDrive is a subscription-based service that provides remote access to [[BMW]] vehicles through mobile applications & APIs, with tiers ranging from $50 to $150 per year after a free 3-year period.<ref>{{cite web |last=Wilkinson |first=Rick |date=2025-06-27 |title=What You're Really Paying For With BMW ConnectedDrive |url=https://www.bimmer-mag.com/bmw-connected-drive-price/ |url-status=live |archive-url=https://web.archive.org/web/20251010090329/https://www.bimmer-mag.com/bmw-connected-drive-price/ |archive-date=10 Oct 2025 |access-date=2025-01-01 |website=Bimmer Mag}}</ref> The service enables features such as remote climate control, vehicle location tracking, & electric car charging management through BMW's official mobile applications.<ref>{{cite web |date=2025-01-01 |title=BMW ConnectedDrive App Subscription Products, Store and Services |url=https://www.bmwusa.com/explore/connecteddrive.html |url-status=live |archive-url=https://web.archive.org/web/20250914161417/https://www.bmwusa.com/explore/connecteddrive.html |archive-date=14 Sep 2025 |access-date=2025-01-01 |website=BMW USA}}</ref> | BMW ConnectedDrive is a subscription-based service that provides remote access to [[BMW]] vehicles through mobile applications & APIs, with tiers ranging from $50 to $150 per year after a free 3-year period.<ref>{{cite web |last=Wilkinson |first=Rick |date=2025-06-27 |title=What You're Really Paying For With BMW ConnectedDrive |url=https://www.bimmer-mag.com/bmw-connected-drive-price/ |url-status=live |archive-url=https://web.archive.org/web/20251010090329/https://www.bimmer-mag.com/bmw-connected-drive-price/ |archive-date=10 Oct 2025 |access-date=2025-01-01 |website=Bimmer Mag}}</ref> The service enables features such as remote climate control, vehicle location tracking, & electric car charging management through BMW's official mobile applications.<ref>{{cite web |date=2025-01-01 |title=BMW ConnectedDrive App Subscription Products, Store and Services |url=https://www.bmwusa.com/explore/connecteddrive.html |url-status=live |archive-url=https://web.archive.org/web/20250914161417/https://www.bmwusa.com/explore/connecteddrive.html |archive-date=14 Sep 2025 |access-date=2025-01-01 |website=BMW USA}}</ref> | ||
Home Assistant is an open-source home automation platform that allows users to integrate various smart home devices & services, including vehicle data through manufacturer APIs, with over 5000+ users of the BMW integration as of September 4th, 2025<ref>{{Cite web |title=Integrations {{!}} Home Assistant Analytics |url=https://analytics.home-assistant.io/integrations/}}</ref>. This number only counts users who did not turn off analytics. | Home Assistant is an open-source home automation platform that allows users to integrate various smart home devices & services, including vehicle data through manufacturer APIs, with over 5000+ users of the BMW integration as of September 4th, 2025<ref>{{Cite web |title=Integrations {{!}} Home Assistant Analytics |url=https://analytics.home-assistant.io/integrations/}} ([http://web.archive.org/web/20260114173133/https://analytics.home-assistant.io/integrations/ Archived])</ref>. This number only counts users who did not turn off analytics. | ||
According to discussions on the BMW i4 Forum, many BMW electric car users use this integration to optimize charging based on solar panel production, time-of-use electricity rates, & home energy management systems.<ref>{{cite web |date=2024-05-20 |title=Smarter Charging with Home Assistant |url=https://www.i4talk.com/threads/smarter-charging-with-home-assistant.5441/ |url-status=live |archive-url=https://web.archive.org/web/20240430184320/https://www.i4talk.com/threads/smarter-charging-with-home-assistant.5441/ |archive-date=30 Apr 2024 |access-date=2025-01-01 |website=BMW i4 Forum}}</ref> The integration was highly valued by users who paid for BMW's ConnectedDrive subscriptions & expected to maintain API access for their automation needs. | According to discussions on the BMW i4 Forum, many BMW electric car users use this integration to optimize charging based on solar panel production, time-of-use electricity rates, & home energy management systems.<ref>{{cite web |date=2024-05-20 |title=Smarter Charging with Home Assistant |url=https://www.i4talk.com/threads/smarter-charging-with-home-assistant.5441/ |url-status=live |archive-url=https://web.archive.org/web/20240430184320/https://www.i4talk.com/threads/smarter-charging-with-home-assistant.5441/ |archive-date=30 Apr 2024 |access-date=2025-01-01 |website=BMW i4 Forum}}</ref> The integration was highly valued by users who paid for BMW's ConnectedDrive subscriptions & expected to maintain API access for their automation needs. | ||
| Line 66: | Line 66: | ||
===Multiple vehicle vulnerabilities (2018)=== | ===Multiple vehicle vulnerabilities (2018)=== | ||
Keen Security Lab researchers identified 14 vulnerabilities affecting BMW i Series, X Series, 3 Series, 5 Series & 7 Series vehicles. The flaws enabled both local & remote attacks on infotainment systems, Telematics Control Units, & CAN bus controls.<ref>{{cite web |title=BMW Fixes Security Flaws in Several Well-Known Car Models |website=Bleeping Computer |date=2018-05-23 |url=https://www.bleepingcomputer.com/news/security/bmw-fixes-security-flaws-in-several-well-known-car-models/ |access-date=2025-01-01}}</ref> Six vulnerabilities could be exploited remotely via Bluetooth & cellular networks without authentication. | Keen Security Lab researchers identified 14 vulnerabilities affecting BMW i Series, X Series, 3 Series, 5 Series & 7 Series vehicles. The flaws enabled both local & remote attacks on infotainment systems, Telematics Control Units, & CAN bus controls.<ref>{{cite web |title=BMW Fixes Security Flaws in Several Well-Known Car Models |website=Bleeping Computer |date=2018-05-23 |url=https://www.bleepingcomputer.com/news/security/bmw-fixes-security-flaws-in-several-well-known-car-models/ |access-date=2025-01-01 |archive-url=http://web.archive.org/web/20250911132913/https://www.bleepingcomputer.com/news/security/bmw-fixes-security-flaws-in-several-well-known-car-models/ |archive-date=11 Sep 2025}}</ref> Six vulnerabilities could be exploited remotely via Bluetooth & cellular networks without authentication. | ||
===APT infiltration (2019)=== | ===APT infiltration (2019)=== | ||
The Vietnamese state-sponsored hacking group OceanLotus (APT32) breached BMW's corporate networks & remained undetected from March 2019 until December 2019. The attackers deployed Cobalt Strike malware for espionage & remote control.<ref>{{cite web |title=BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets |website=Bleeping Computer |date=2019-12-06 |url=https://www.bleepingcomputer.com/news/security/bmw-infiltrated-by-hackers-hunting-for-automotive-trade-secrets/ |access-date=2025-01-01}}</ref> BMW's security team discovered the breach but monitored the hackers for months before finally removing them from the network.<ref>{{cite web |title=BMW Hacked - OceanLotus Hackers Group Penetrate the BMW Networks |website=GBHackers |date=2019-12-07 |url=https://gbhackers.com/bmw-hacked/ |access-date=2025-01-01 |url-status=live |archive-url=http://web.archive.org/web/20250615211728/https://gbhackers.com/bmw-hacked/ |archive-date=15 Jun 2025}}</ref> | The Vietnamese state-sponsored hacking group OceanLotus (APT32) breached BMW's corporate networks & remained undetected from March 2019 until December 2019. The attackers deployed Cobalt Strike malware for espionage & remote control.<ref>{{cite web |title=BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets |website=Bleeping Computer |date=2019-12-06 |url=https://www.bleepingcomputer.com/news/security/bmw-infiltrated-by-hackers-hunting-for-automotive-trade-secrets/ |access-date=2025-01-01 |archive-url=http://web.archive.org/web/20251212110922/https://www.bleepingcomputer.com/news/security/bmw-infiltrated-by-hackers-hunting-for-automotive-trade-secrets/ |archive-date=12 Dec 2025}}</ref> BMW's security team discovered the breach but monitored the hackers for months before finally removing them from the network.<ref>{{cite web |title=BMW Hacked - OceanLotus Hackers Group Penetrate the BMW Networks |website=GBHackers |date=2019-12-07 |url=https://gbhackers.com/bmw-hacked/ |access-date=2025-01-01 |url-status=live |archive-url=http://web.archive.org/web/20250615211728/https://gbhackers.com/bmw-hacked/ |archive-date=15 Jun 2025}}</ref> | ||
===UK customer database breach (2020)=== | ===UK customer database breach (2020)=== | ||
| Line 84: | Line 84: | ||
===BMW Financial Services breach (2025)=== | ===BMW Financial Services breach (2025)=== | ||
In February 2025, BMW Financial Services North America reported a breach via its vendor AIS InfoSource LP affecting nearly 2,000 individuals, with exposed data including names, Social Security numbers, account numbers & more.<ref>{{cite web |title=BMW Financial Services Data Breach Affects Nearly 2,000 Customers |website=Claim Depot |date=2025-03-01 |url=https://www.claimdepot.com/investigations/bmw-financial-services-data-breach-2025 |access-date=2025-09-04}}</ref> | In February 2025, BMW Financial Services North America reported a breach via its vendor AIS InfoSource LP affecting nearly 2,000 individuals, with exposed data including names, Social Security numbers, account numbers & more.<ref>{{cite web |title=BMW Financial Services Data Breach Affects Nearly 2,000 Customers |website=Claim Depot |date=2025-03-01 |url=https://www.claimdepot.com/investigations/bmw-financial-services-data-breach-2025 |access-date=2025-09-04 |archive-url=https://web.archive.org/web/20260223033903/https://www.claimdepot.com/data-breach/bmw-financial-services |archive-date=23 Feb 2026}}</ref> | ||
===Pattern of security failures=== | ===Pattern of security failures=== | ||