Discovering BMW Car Systems: Getting Started

Since I love both (in)security and cars, it is not uncommon for me to mix those things on a regular basis. I am a very happy owner of a beautiful BMW F30 (chassis code) 320i 2013, so far, my second bimmer. This is a 2.0 turbo four-cylinder engine producing 184hp and 270Nm, it is quite a nice ride.

It is no surprise that newer cars use many electronic elements inside and my car is not an exception: there are two components that one could possibly take control of: the ECU (Engine Control Unit) and the BMWi Drive.

ECU(Engine Control Unit)

ECU is a common hardware on all cars and is being around for a long time. It controls all functions in the car including engine, interior, multimedia, and others. In this case, we can access it utilizing an OBDII>ETHERNET cable:

Figure 1: OBDII > ETHERNET cable

The connection is hidden on the driver's side (despite the fact that this is not a secret at all to most, if not all car repair shops and smog-check stations):

Figure 2: OBDII port on the car

It provides a TCP/IP connection (establishing IPs for the car and the laptop) and with that one should be able to modify many parameters on the car, very risky but draws the most curious ones' attention. The application needed to establish this TCP/IP connection (E-Sys for F**chassis) is not free and neither easy to manipulate but can be done after some research.

iDrive

The iDrive on the other hand is a complete multimedia system that also includes Internet access. At this point things started to get interesting, the multimedia is able to connect using Bluetooth (IEEE 802.15.x) in conjunction with the personal access (é esse o nome em inglês?) from an iPhone for example.

To initiate the research it is necessary to setup an environment, in my case I have utilized an iPhone with 3G Internet connection, a computer and their blue tooth connections:

Figure 3: Bluetooth connections

Figure 4: Scanning iDrive ports

No ports opened, at least so far, I did not find any service that could be enabled and maybe exploited. My iDrive is not the most advanced, Internet access is only good for accessing RSS feeds and a weather website however in other versions of iDrive now found on BMW 335i, 5, 6 and 7series, it is possible to browser websites, access social networks, etc. hopefully another feature can be reached. The good news are that the extension for the usual iDrive (1 and 3 series) can be retrofitted.

This is a very simple blog post just to present the car's connections and indicating how anyone can get it started for testing. That is definitely avery extensive topic and demands a lot of study and research but very promising in the security field since many features were/are being developed to combine cellphones/computers and cars (Ex: Siri from iPhone).

I am planning on writing more about my experience with both ECU (E-Sys)and iDrive and how other hacks are being done by some performance vendors.