The company says the problem affected BMW, Mini and Rolls Royce models equipped with its ConnectedDrive technology, which allows drivers to access certain car functions with a smartphone.
German automobile club ADAC, which discovered the flaw last summer, says hackers could have used a fake cellphone base station to intercept network traffic from the car and lower the windows or open the doors. There are no reports such a break-in ever took place.
BMW spokeswoman Silke Brigl said today that hackers wouldn't have been able to start or stop the engine. Brigl said the problem has been fixed with an automatic update and customers don't need to take any action.