http://www.adac.de/infotestrat/technik-und-zubehoer/fahrerassistenzsysteme/sicherheitsluecken.aspx?ComponentId=224182&SourcePageId=8749&quer=sicherheitsluecken#tabid=tab2
So if you're driving a BMW/Mini/RollsRoyce with Connected Drive, there is a fixed SIM card on a small linux machine in your car that BMW uses to send all of your information, including private e-mails, telephone data, location data, driving dynamics, etc... to BMW servers, and they do that through http, so anyone can snoop in.
Through that connection, there is also control over certain functions of the vehicle itself.
ADAC discovered this, and BMW is now going to turn that into https... but wait... they're not going to stop spying on their customers?... lolz...