If you ’ re a BMW owner , prepare to patch ! Chinese researchers have found Vulnerability-related.DiscoverVulnerability 14 security vulnerabilities affecting Vulnerability-related.DiscoverVulnerability many models . The ranges affected Vulnerability-related.DiscoverVulnerability ( some as far back as 2012 ) are the BMW i Series , X Series , 3 Series , 5 Series and 7 Series , with a total of seven rated serious enough to be assigned CVE Vulnerability-related.DiscoverVulnerability numbers . The vulnerabilities are in in the Telematics Control Unit ( TCU ) , the Central Gateway Module , and Head Unit , across a range of interfaces including via GSM , BMW Remote Service , BMW ConnectedDrive , Remote Diagnosis , NGTP , Bluetooth , and the USB/OBD-II interfaces . Some require local access ( e.g . via USB ) to exploit but six including the Bluetooth flaw were accessible remotely , making them the most serious . Should owners worry that the flaws could be exploited Vulnerability-related.DiscoverVulnerability , endangering drivers and vehicles ? On the basis of the technical description , that seems unlikely , although Keen Lab won ’ t release the full proof-of-concept code until 2019 . Keen Lab described the effect of its hacking as allowing it to carry out : The execution of arbitrary , unauthorized diagnostic requests of BMW in-car systems remotely . To which BMW responded : BMW Group has already implemented security measures , which are currently being rolled out via over-the-air configuration updates . Additional security enhancements for the affected infotainment systems are being developed Vulnerability-related.PatchVulnerability and will be available Vulnerability-related.PatchVulnerability as software updates for customers . In other words , some fixes have already been made Vulnerability-related.PatchVulnerability , while others will be made Vulnerability-related.PatchVulnerability between now and early 2019 , potentially requiring a trip to a service centre . Full marks to BMW for promptly responding to the research but the press release issued Vulnerability-related.PatchVulnerability in its wake reads like PR spin . To most outsiders , this is a case of Chinese white hats finding Vulnerability-related.DiscoverVulnerability vulnerabilities in BMW ’ s in-car systems . To BMW , judging by the triumphant language of its press release , it ’ s as if this was the plan all along , right down to awarding Keen Lab the “ first-ever BMW Group Digitalization and IT Research Award. ” More likely , car makers are being caught out by the attention their in-car systems are getting from researchers , with Volkswagen Audi Group experiencing some of the same discomfort a couple of weeks ago at the hands of Dutch researchers . BMW has experienced this before too – three years ago it suffered Vulnerability-related.DiscoverVulnerability an embarrassing security flaw in its car ConnectedDrive software door-locking systems . Let ’ s not feel too sorry for the car makers because it ’ s the owners who face the biggest adjustment to their expectations – software flaws and patching Vulnerability-related.PatchVulnerability are no longer just for computers .