Blog: Automotive Security

Yes, really. A car review on a pen test blog. It’s topical, honest!

Ken Munro 07 Aug 2014


I’ve been looking into the security of the BMW i3 for a while now, primarily around the iOS application that one uses to interface with it. An extension of ConnectedDrive, it provides additional functionality and a little less security! I’ve written about the security issues here.


The app is really quite funky; in addition to geo-locating the car, you can also lock and unlock the doors, plus flash the lights. If only it could check if I had unplugged the iron at home too. There’s a clever range map that analyses how much charge is left and plots a circle of range on the map. Finally, it will even give you walking directions back to the car.

I got to borrow one courtesy of a very generous friend for a day of filming security bugs in cars as part of the ‘internet of things’ with the BBC. 130 miles later, and I want one. Why?

My prior impressions of electric cars weren’t that positive. Talk of battery rental, limited range and lightweight construction did not appeal to me. I’m more of a 4WD driver, be it a Land Rover Discovery or a Nissan GT-R. Something about sliding sideways on muddy roads into ditches, rather than understeering nose-first in to them . I also live in the Styx, so the short journeys that electric cars are targeted at aren’t that commonplace for me.

Having never driven an electric car before, the oddest part (as everyone highlights) is first setting off. Press button. Is it on? Not sure. Press button. Damn, now I’ve switched It off. Press button again, in gear, dab throttle, THAT IS WEIRD! Moving without noise.

The next thing to strike you is the biblical (there, I said it) torque and acceleration from low speed. I drove a 550BHP GT-R for 2 years, and up to 30 ish MPH, the i3 seemed on a par. It’s just effortless, near silent and very, very surprising.

Then you lift off the throttle and attempt not to put one’s head through the windscreen! The car doesn’t coast at all – regenerative engine braking is aggressive and takes some getting used to. However, after a while I quite liked the effect – once you get the hang of it, you find that you rarely have to brake, so the car is driven effectively with one pedal. Lazy right foot! Apparently brake pads don’t need to be replaced during the life of the car as a result.

The suspension is stiff and the car handles reasonably well. A little crashy on the potholed roads near me, but wonderful on the M25. I didn’t get anywhere near the limits of traction in a borrowed vehicle, though those efficient, skinny tyres didn’t look like they would take much sideways G-force to slide.

The interior doesn’t feel cheap either – there’s no doubt that attention has been paid to keeping it minimal and some of the materials are clearly engineered for effect, but I didn’t get a feeling of tacky plastic from it. Not like the mish-mash that is the interior of the Tesla. The navigation system was stunning too, with an enormous screen and touch sensitive iDrive wheel that will even recognise characters ‘drawn’ on it with the fingertip.

Managing range was actually quite fun. When fitted with the Range Extender (a small petrol engine battery charger) it’ll do nearly 100 miles on a full charge, then the 2 gallon petrol tank will get you about another 60 miles. There’s space under the bonnet for a 10 litre petrol can, so 240 miles top end. The small petrol tank is a little odd, but why carry around loads of fuel when you shouldn’t really need it?

But that’s not what the car is about. Most journeys that are driven are relatively short, and that’s where it excels. Many electric vehicles are really city-only cars, but the i3 has long enough legs to cope with deep forays in to the Home Counties and beyond.

No congestion charge, mostly free parking at charging points, free charging in most cities, no road tax, 100% first year allowances for company purchase, 5% Benefit in Kind when a company car, £5K government contribution to the purchase price. There’s not much more that could be done to encourage electric car use.

It’s expensive, considering it’s a small car, but supply is limited and demand is high, so depreciation should be minimal.

Very fast, very frugal and I want one.

I do want BMW to resolve the security issues with iRemote sign up process though…