The company said the problem affected BMW, Mini and Rolls Royce models equipped with its ConnectedDrive technology, which allows drivers to access certain car functions with a smartphone.
German automobile club ADAC, which discovered the flaw last summer, claimed hackers could have used a fake cellphone base station to intercept network traffic from the car and lower the windows or open the doors.
There are no reports such a break-in ever took place.
BMW spokesperson Silke Brigl said hackers wouldn’t have been able to start or stop the engine.
She said the problem has been fixed with an automatic update and customers don’t need to take any action.