This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read

A penny for your warmth - Will paid-for subscription services in vehicles lead to increased aftermarket hacking?

BMW caused a stir this month when it announced a new paid-for subscription service for some of its vehicles. Subscription services in vehicles are not a new thing, with features like paid-for infotainment upgrades being common for a while now. However, BMW’s new subscription service is for a ‘heated seat’ package. This has got drivers hot under the collar, given that the hardware (heating pads, wiring) is built-in to the vehicle on manufacture. Therefore, drivers are only paying for the software needed to govern the system (drivers receive this software via an over-the-air update once a subscription is activated). In the eyes of many drivers, this is not particularly complicated software, such that might be deserving of a monthly fee that includes regular software updates.

BMW justifies its approach on the grounds that it gives owners, particularly second-hand owners, a chance to install features that were not configured on purchase. However, what this and other similar examples in the automotive market lead to is a rise in customers seeking aftermarket services to unlock dormant features. Specialists can reconfigure the vehicle’s on-board computers to give better engine performance, or to activate advanced cruise control and other dormant paid-for driver-assist technologies.

By ‘hacking’ the vehicle in this way, drivers risk compromising the cybersecurity of their vehicle. It is analogous to jailbreaking a smartphone and the process could lead to vulnerabilities for cyberattacks. Over the last few years, there have been an increasing number of stories in the press about connected and autonomous vehicles being hacked and endangering the lives of their owners (e.g. compromised adaptive braking systems leading to crashes).

There are also privacy implications too. The additional data that carmakers receive about their drivers that is generated by subscription to the various optional services has an inherent value and could be used for profiling purposes. Carmakers could develop a detailed picture of their customers’ preferences and characteristics, and use this information at a broad level to understand their market better. It is therefore very important that carmakers are transparent about their data use, particularly when the vehicle is sold to a new owner outside of the control of an authorised dealership (i.e. privately, or via a third-party garage).

BMW isn’t the first carmaker to charge for hardware that is fitted even if you didn’t order it. At one time, iconic sports car maker Caterham Cars charged a couple of hundred quid for a heated windscreen on the Seven, a useful feature in a car that wasn’t fully waterproof. Thing is, there wasn’t a unheated screen option, so you’d get it whether or not you ordered it, wired in and ready to go.


automotive, data protection and privacy, data breaches cyber security, technology