BMW Thefts

traco

A friend of mine had a 5 series stolen and still had both keys. I didn't believe it was possible but apparently thieves have a system now to access the onboard computer and program a blank key.

This happened a few days back on the Northside. Thought it was worth making owners aware. More details about it in the UK in this article
http://www.bbc.co.uk/programmes/b006mg74/features/bmw-car-theft-technology

rocky

Big thread on Pistonheads

http://www.pistonheads.com/gassing/topic.asp?h=0&f=72&t=1121571&mid=380695&nmt=New+BMW%27s+getting+stolen+using+blank+BMW+keys

listermint

bmstuff wrote: »

The update to prevent this from happening is available since Nov. 2012.

I can update your car to the latest software so you won't be affected (By this way at least).

Cost 150 euros, takes a few hours.

Arent BMW covering this under warranty repair ?

shinkansen

without reading 200pages on PH, lets get this right

BMWs from the last 4/5 years can be accessed with a blank key and some access to the OBD port to drive away the owners car without a bother? cars costing ££££.

and a solution is just out in the last few months.?

sounds like a bit of a farce to me.


i assume that insurance policies or BMW would refund all losses incurred?

shinkansen

seems BMW dont want to know... not very surprised, they just want the readies and off you go.

"BMW are not interested in this one bit, they didnt even care about my car being stolen. The fact is they are not liable unless the car explodes and kills the driver....see below

"Thank you for your further email dated March 18, 2013. I am sorry to learn that your BMW 520d M Sport has been stolen. I can certainly appreciate the disappointment and concern caused by this.

"Criminal activity of all kinds is becoming increasingly sophisticated and particularly in this electronic age, evolves with incredible speed. For highly complex, valuable and desirable products like cars, this has been a constant battle for manufacturers, legislators, the police and of course the owners of these cars."

"Please be assured that your vehicle was built to a standard that meets all required legislations in terms of security and safety. However, we did release an enhancement for any customers who contacted us concerned about the type of theft shown in recent media articles. Information regarding this update was available on our website and it was also announced in the press and through other media such as TV. This was not announced as a vehicle recall as there was no safety issue present."

"I understand that you are concerned about recovering the costs for your vehicle. I can advise that your insurance company and the police are in the best position to assist you further. I trust that they will thoroughly investigate this matter."

"Once again, I am sorry that you have had cause to contact us. However, I trust that you will accept this email as clarification our position on this matter."

shinkansen

doesn't fill me with confidence into the thought of buying a 6 pot 3 series tbh.

Northern Monkey

It's covered in the UK dealer network for free.

bmstuff

shinkansen wrote: »

doesn't fill me with confidence into the thought of buying a 6 pot 3 series tbh.

It affects 07+ cars though.
Don't know which model you had in mind.

bmstuff

Northern Monkey wrote: »

It's covered in the UK dealer network for free.

If that's the case, there is a good chance it would be free here too.
But I don't think this is actually the case, even in the UK.
Now I stand corrected, do you have any reference to this?
If it is, happy days.

bmstuff

Ok is it me or the update only changes the door/window's behaviour?
Some are saying you can still duplicate a key using the OBD port?
If that's the case, it is pretty useless and only a quick coding session will take care of this. In that case a OBD port lock is the only solution, or relocation.

This is not going to prevent them from breaking the window without the alarm going off (This is the way it was designed, believe me or not).

rocky

I think the fix is 2-fold:
- disable the window drop with key in door
- to code a new key, the original/valid key needs to be present

Plus, this vulnerability only applies to cars with comfort access (start button)

tweaf1

Just been informed by (BMW Ireland through UK) that the OBD update is chargeable here as they don't have any reported cases here.

rocky

bmstuff - banned? what?

randy hickey

How in the name of Jaysus can you get banned for discussing BMW security systems?

Bigcheeze

randy hickey wrote: »

How in the name of Jaysus can you get banned for discussing BMW security systems?

Might not be banned for something he posted. Bans are pretty common for having multiple accounts no ?

TouchingVirus

http://www.boards.ie/vbulletin/showthread.php?t=2056911143

randy hickey

Phew, justice prevails!
Fair play to Boards....now, back on topic.

randy hickey

So basically, you need the appropriate blank key and this gizmo;?

https://www.youtube.com/watch?v=kVmPfCFFkqQ

Is it really THAT simple?

Please tell me I'm wrong.

Alanstrainor

Jaysis :eek:

rocky

randy hickey wrote: »

So basically, you need the appropriate blank key and this gizmo;?

https://www.youtube.com/watch?v=kVmPfCFFkqQ

Is it really THAT simple?

Please tell me I'm wrong.

For cars having the comfort access and without the security update, it is that simple...

randy hickey

I found other links that I'm sorta afraid to put up, but let's just say that in the case of these BMWs, it's a case of Gone In 180 seconds.:eek::eek:

Voodoomelon

If I had a modern BMW, I would gladly pay €500 so that only a dealer can replace a key, if it meant devices like above are kept out of the hands of scumbags. Ridiculous that these are available to buy.

Cuddlesworth

I posted on this a while ago. The tyre pressure sensors are attached to the odb ring network by wireless technology. The odb network is not encrypted. Guess what happened next.

This isn't a BMW only problem. But it is a stupid one.

coolisin

Would a steering wheel lock help prevent this?
A simple analogue solution in a digital world.

It's scary how easy it is to reprogram the keys.

bmstuff

coolisin wrote: »

Would a steering wheel lock help prevent this?
A simple analogue solution in a digital world.

It's scary how easy it is to reprogram the keys.

Probably still the best solution around if they were planning to make a new key.
That usually add some significant delay in nicking the car, and many do not even bother when they see one.

Other than that a hidden switch could be used too by rewiring the OBD port.
The port would be dead all the time, no incidence on a daily basis, you would only need to enable the switch when going to your mechanic/dealer.

galwaytt

Cuddlesworth wrote: »

I posted on this a while ago. The tyre pressure sensors are attached to the odb ring network by wireless technology. The odb network is not encrypted. Guess what happened next.

This isn't a BMW only problem. But it is a stupid one.

Holy Fupp. That's mad, Ted.

...clever monkey's who figured out the back door, though..........

galwaytt

bmstuff wrote: »

Probably still the best solution around if they were planning to make a new key.
That usually add some significant delay in nicking the car, and many do not even bother when they see one.

Other than that a hidden switch could be used too by rewiring the OBD port.
The port would be dead all the time, no incidence on a daily basis, you would only need to enable the switch when going to your mechanic/dealer.

Or, move the ODB socket somewhere else (say, glovebox).

the icing on top would be to...........then use the 'old' OBD port and to, say....wire a good 'ol fashioned HT coil onto a pair in the connector. Result, one Kentucky-fried OBD device....

Anan1

galwaytt wrote: »

Or, move the ODB socket somewhere else (say, glovebox).

the icing on top would be to...........then use the 'old' OBD port and to, say....wire a good 'ol fashioned HT coil onto a pair in the connector. Result, one Kentucky-fried OBD device....

... almost certainly belonging to an innocent mechanic somewhere down the line!

On a more serious note, comfort access is a relatively rare option. Is it only these cars that are affected?

rocky

Anan1 wrote: »

... almost certainly belonging to an innocent mechanic somewhere down the line!

On a more serious note, comfort access is a relatively rare option. Is it only these cars that are affected?

That's what BMW are saying and I believe them

Anan1

rocky wrote: »

That's what BMW are saying and I believe them

Sure you're too lucky to ever have your car stolen.

rebel.ranter

Anan1 wrote: »

... almost certainly belonging to an innocent mechanic somewhere down the line!

On a more serious note, comfort access is a relatively rare option. Is it only these cars that are affected?

It's not the comfort access option that is vulnerable. It is every BMW with the fob type key, the one that doesn't have a blade for use in ignition barrel. These are standard on every BMW from around 2006. BMW UK put a cut off on the date of the security patch (2007) purely based on the perceived value of the car, it does also affect 2006 cars.

The solutions as mentioned are:

- steering wheel lock
- ODB port disable
- Enable audible "chirp" for locking

Steering wheel lock is a great visual deterrent, easy to remove maybe, but a thief will move on to the next easier car. BMstuff's suggestion of a switch on one (or more) of the data lines in the ODB port is probably the best way to ensure your car stays on the driveway. Enabling the audible chirp allows you to be sure you've locked the car. In the UK the theives have been using a jammer (433MHz) to prevent you remote locking your car. The idea is you park up for the night, you think you have locked the car because you clicked the lock button on your key. When all is quiet & you're tucked up asleep in bed they simply open the car door without breaking any window & use their key fob replicator device attached to your ODB port. Car gone! At least with the chirp they will have to get in to the car with a bit of effort!

I don't think the "security update" is worth a jot, anything I have read on it suggests that the compromise still exists, the theives simply need to do a software update of their own kit to be right back in the game.

This is not just a BMW problem, any brand that utilises a fob type key like Mercedes, Audi/VAG, etc. are vulnerable. BMW are getting all the publicity right now.

rocky

Anan1 wrote: »

Sure you're too lucky to ever have your car stolen.

that, and I have the old blade-type key

Cuddlesworth

rebel.ranter wrote: »

The solutions as mentioned are:

- steering wheel lock
- ODB port disable
- Enable audible "chirp" for locking

Only one of the above options would actually work, the steering lock.

As I said I posted about this last year. All it took was 1 person to point out the glaring flaw and a couple of clever people to whip up some basic prototypes. Which you can pick up on ebay.

You can unlock a car from the OBD network while outside of it, you don't need access to the internal port. You can reprogram a key from outside the car. You can pretty much do anything you want as long as you can key into the network from numerous entry points and have a good understanding of that particular manufactures signalling.

In theory, I could set up a high powered receiver/transmitter beside the M50 putting out engine kill signals for specific manufacturers and watch as the newer cars started dropping off in droves.

And because of the design of the wireless transmitters and receivers, you would need a complete rewrite of the whole system to avoid it. Starting in the world of IT security myself, I was pretty shocked at how far behind car manufacturers are in their whole approach to the concept of access into internal networks.

Blazer

that's one thing I'm paranoid about is locking my car..I always make sure to it right outside and ensure the door bolts shut down.I've even walked back to make sure again that I do it..
Of course you can be absolutely guaranteed that the one day I do forget the thieves will be around

00833827

the dude in the video has mega hairy fingers!

00833827

rebel.ranter wrote: »

This is not just a BMW problem, any brand that utilises a fob type key like Mercedes, Audi/VAG, etc. are vulnerable. BMW are getting all the publicity right now.

Was just gonna suggest the VAG's from mid 00's on with the key fob type device.

What about the Renault credit card style key. Do they still have those?

Also the new Fords (Fiesta at least) have the device that just needs to be on the person to allow car to be started. I would think these have to be examined also.

tossy

A friend of mine recently fitted a second OBD port in his car in another location and made the factory port a dummy port,except now it has a constant 12v supply from the battery so anyone who plugs their laptop in will get a nice surprise - i thought it was genius myself

Victor Meldrew

rocky wrote: »

That's what BMW are saying and I believe them

So, in my car, I put the fob in the steering column, and it releases the steering lock. I then press the start button.

does this constitute " comfort" start? I thought that was proximity peys, where it did not need to be put in any part of the dashboard?

galwaytt

...this reminds me of what the salesman on the Skoda stand at the National Ploughing Championship made as a USP for Skoda : an actual key and an actual handbrake; compared to all those 'high tech' cars. ....

bmstuff

Victor Meldrew wrote: »

So, in my car, I put the fob in the steering column, and it releases the steering lock. I then press the start button.

does this constitute " comfort" start? I thought that was proximity peys, where it did not need to be put in any part of the dashboard?

Yes it would be

The proximity key, you can keep it in your pocket and start the car.
I am sure someone will come up with a hack here too, unfortunately. Just a question of time.

djimi

Blazer wrote: »

that's one thing I'm paranoid about is locking my car..I always make sure to it right outside and ensure the door bolts shut down.I've even walked back to make sure again that I do it..
Of course you can be absolutely guaranteed that the one day I do forget the thieves will be around

The only time in the 10+ years Ive owned cars that I forgot to lock the doors was the night before someone tried to open my door with a screwdriver. I am blessed that they didnt try it 24 hours earlier...

rebel.ranter

Cuddlesworth wrote: »

Only one of the above options would actually work, the steering lock.

As I said I posted about this last year. All it took was 1 person to point out the glaring flaw and a couple of clever people to whip up some basic prototypes. Which you can pick up on ebay.

You can unlock a car from the OBD network while outside of it, you don't need access to the internal port. You can reprogram a key from outside the car. You can pretty much do anything you want as long as you can key into the network from numerous entry points and have a good understanding of that particular manufactures signalling.

In theory, I could set up a high powered receiver/transmitter beside the M50 putting out engine kill signals for specific manufacturers and watch as the newer cars started dropping off in droves.

And because of the design of the wireless transmitters and receivers, you would need a complete rewrite of the whole system to avoid it. Starting in the world of IT security myself, I was pretty shocked at how far behind car manufacturers are in their whole approach to the concept of access into internal networks.

Those solutions I posted deal with the current threat that is widespread out there at the minute. The current batch of thieves are using kit that requires access to the OBD port.

I don't know if you had a look yet but there are some really interesting videos over on www.ted.com under security, well worth a watch.

One of them talks about the various everyday items such as pace makers, power plants & cars can be hacked. The car one talked about using Mobile phone system, Bluetooth, WiFi, OBD port & FM radio as means to access the cars' system. Everything is networked together so basically any device on that network is a potential entry point.
Just started to get interested in the whole IT security industry myself recently.