BMW ConnectedDrive let me control the rental car (Sixt) I had already returned.

4 points | posted by derturm666 | 8 months ago | original post
Last week I rented a BMW from Sixt (Italy).

The default rental driver profile had Bluetooth disabled, so I created my own BMW ID, paired it with the car, removed the existing profile, and even triggered software updates.

When returning the car, I told the Sixt representative that I had linked my BMW ID — they assured me that the vehicle would be reset.

Today — just before deleting the “My BMW” app — I checked out of curiosity.

Surprise: I still had full remote access:

- live location tracking
- remote lock/unlock
- honking (hehe)
- turn lights on/off

At this point, the car was presumably already rented to someone else. I could track the new renter’s location and remotely interact with the car.

IMO, this exposes a serious security/privacy issue:

- BMW ConnectedDrive still had my account associated to the vehicle VIN
- Sixt’s reset procedure didn’t revoke my BMW ID access

I suspect this may not be limited to Sixt, but could affect other rental fleets using ConnectedDrive if proper backend disassociation isn’t done.

BMW allows fleet integrations via ConnectedDrive Fleet Services, but I wonder how many rental cars globally still have previous renters’ IDs attached.