Discussion
davepoth said:
I'd take a look at the wiring diagram for your car to see if there is a relay that can be pulled easily to immobilize it. The fuel pump one should do the job.
I'd do something like that if if the issue was a local problem and my car left out overnight.Twenty odd years ago, when car thefts were rife locally several neighbours had their cars disappear overnight and a week later, my fairly new car disappeared to. It ended up on someone's drive twenty miles away and theirs had been stolen, a different make to mine. Serial joyriding! This spate followed a TV programme on the subject with a very brief showing of how the thieves stole the car. The apprehended schoolboy still behind the wheel. No doubt that programme was recorded by those who then studied the process at their leisure. I saw that programme. A local member of the BiB I knew then told me that numerous cars went missing for a month or so after that showing. Nationwide 100s. When I recovered my car and took it to the local dealership, their storage compound was full of stolen recovered cars all showing theft damage identical to mine. Others were simply left burnt out to destroy evidence.
For a while thereafter, I arranged things so that I could easily remove the steering wheel complete assembly in a few seconds when leaving the locked and alarmed car unprotected. Inconvenient yes, but not as inconvenient as not having your car. Eventually I found a more effective and convenient method to make my car thief proof.
Meantime, many marques have made their products very difficult to steal without the actual keys and fobs. So effective that criminals would enter a house in the early hours putting a weapon at the sleeping owner's head or throat demanding the keys.
Dave Hedgehog said:
Garvin said:
I have read this thread but I'm still unsure just how these thefts are committed? If the car is unlocked (either by jammimng the locking signal or by the owner just leaving the vehicle unlocked) then, yes, key recoding seems to be straightforward if you have the kit and away you go. If the car is locked and the alarm/immobiliser activated does simply breaking a window to gain access to the OBD port still allow key recoding - surely the alarm/immobiliser is still set if the alarm doesn't go off and if the alarm does go off is the engine still immobilised? Or can the key be recoded and also used to open the vehicle/disarm the alarm/immobiliser? In short, if you ensure your vehicle has been successfully locked does this not make things a whole lot more difficult for the thieves?
once the keys programmed it is a normal key, it will arm / disarm the alarmthe best thing to do is to make your car more hassle to steal than your neighbours
its the old escape from a bear scenario, you dont need to be able to run faster than a bear, just faster than your friend
BE57 TOY said:
Garvin said:
I have read this thread but I'm still unsure just how these thefts are committed? If the car is unlocked (either by jammimng the locking signal or by the owner just leaving the vehicle unlocked) then, yes, key recoding seems to be straightforward if you have the kit and away you go. If the car is locked and the alarm/immobiliser activated does simply breaking a window to gain access to the OBD port still allow key recoding - surely the alarm/immobiliser is still set if the alarm doesn't go off and if the alarm does go off is the engine still immobilised? Or can the key be recoded and also used to open the vehicle/disarm the alarm/immobiliser? In short, if you ensure your vehicle has been successfully locked does this not make things a whole lot more difficult for the thieves?
If you drill the lock on a BMW the alarm doesn't go off. Garvin said:
BE57 TOY said:
Garvin said:
I have read this thread but I'm still unsure just how these thefts are committed? If the car is unlocked (either by jammimng the locking signal or by the owner just leaving the vehicle unlocked) then, yes, key recoding seems to be straightforward if you have the kit and away you go. If the car is locked and the alarm/immobiliser activated does simply breaking a window to gain access to the OBD port still allow key recoding - surely the alarm/immobiliser is still set if the alarm doesn't go off and if the alarm does go off is the engine still immobilised? Or can the key be recoded and also used to open the vehicle/disarm the alarm/immobiliser? In short, if you ensure your vehicle has been successfully locked does this not make things a whole lot more difficult for the thieves?
If you drill the lock on a BMW the alarm doesn't go off. Jon999 said:
Garvin said:
BE57 TOY said:
Garvin said:
I have read this thread but I'm still unsure just how these thefts are committed? If the car is unlocked (either by jammimng the locking signal or by the owner just leaving the vehicle unlocked) then, yes, key recoding seems to be straightforward if you have the kit and away you go. If the car is locked and the alarm/immobiliser activated does simply breaking a window to gain access to the OBD port still allow key recoding - surely the alarm/immobiliser is still set if the alarm doesn't go off and if the alarm does go off is the engine still immobilised? Or can the key be recoded and also used to open the vehicle/disarm the alarm/immobiliser? In short, if you ensure your vehicle has been successfully locked does this not make things a whole lot more difficult for the thieves?
If you drill the lock on a BMW the alarm doesn't go off. Garvin said:
I can call BMW, answer a couple of security questions and they will remotely open my vehicle - they can also lock it remotely. The software fix would be for the in-car software - surely the dealers have other methods, external to the vehicle, of coding keys using BMW records.
I had an email from BMW in response to my last where they said they were aware of the "rumours"Garvin said:
I can call BMW, answer a couple of security questions and they will remotely open my vehicle - they can also lock it remotely. The software fix would be for the in-car software - surely the dealers have other methods, external to the vehicle, of coding keys using BMW records.
you could use a duel key type system, where you need to send a key code to the car which would have its own unique key code before it will respond, rather than just having it open to to any device sending a reprogram key requestEdited by Dave Hedgehog on Sunday 29th April 08:48
The argument about needing a system whereby you can code a key in the car whilst it's still immobilised incase the owner loses the keys is rubbish. How on earth did everyone manage back in the days with bladed keys? Could you imagine the uproar if 10 years ago BMW cars had a box in the passenger footwell with a slot in it where if you inserted a blank key blade it'd cut you a key to the ignition barrel?
Same situation we have now...
Same situation we have now...
Edited by joe oliver on Sunday 29th April 09:48
Dave Hedgehog said:
Garvin said:
I can call BMW, answer a couple of security questions and they will remotely open my vehicle - they can also lock it remotely. The software fix would be for the in-car software - surely the dealers have other methods, external to the vehicle, of coding keys using BMW records.
you could use a duel key type system, where you need to send a key code to the car which would have its own unique key code before it will respond, rather than just having it open to to any device sending a reprogram key requestEdited by Dave Hedgehog on Sunday 29th April 08:48
Could they not resolve this by way of a recall and software update to remove the security flaw? It will cost them a lot, but so will this story making it onto the national press and Watchdog. As said on the other thread, it has the potential to affect the majority of BMWs on the road in this country today.
Interesting thread...
Here's a few observations from an IT security bod who also has one or two links to the automotive industry!
1 - BMW don't have a technical problem that requires a recall... If you put it into IT security speak, what has happened is that someone has discovered a venerability which needs a fix. Sure, it is in BMW's best interest to find a fix but like others have said, cars have been broken into & nicked for years.
2 - I can't help thinking that part of the problem is down to the motor manufacturers being forced to open up the ECU specs for independents, etc... At a very simple level, if they were allowed to keep things closed, all they would have needed to do was secure the OBD communications (e.g. through a shared secret / SSL).
3 - Frankly, the nobbling of the OBD port looks like the most sensible solution. You could even fit a false one & tuck the real one back out of sight.
My 2p.
M
Here's a few observations from an IT security bod who also has one or two links to the automotive industry!
1 - BMW don't have a technical problem that requires a recall... If you put it into IT security speak, what has happened is that someone has discovered a venerability which needs a fix. Sure, it is in BMW's best interest to find a fix but like others have said, cars have been broken into & nicked for years.
2 - I can't help thinking that part of the problem is down to the motor manufacturers being forced to open up the ECU specs for independents, etc... At a very simple level, if they were allowed to keep things closed, all they would have needed to do was secure the OBD communications (e.g. through a shared secret / SSL).
3 - Frankly, the nobbling of the OBD port looks like the most sensible solution. You could even fit a false one & tuck the real one back out of sight.
My 2p.
M
anonymous said:
[redacted]
Depends on who needs who more & how independent the editorial staff are. Do the Haymarket editorial staff want the cudos of leading the way in breaking a story or do they want to play catchup when one of the other players leads with it???Do Haymarket need the BMW ££££ more than BMW want Haymarket's circulation??
We may never know...
M
camel_landy said:
Interesting thread...
Here's a few observations from an IT security bod who also has one or two links to the automotive industry!
1 - BMW don't have a technical problem that requires a recall... If you put it into IT security speak, what has happened is that someone has discovered a venerability which needs a fix. Sure, it is in BMW's best interest to find a fix but like others have said, cars have been broken into & nicked for years.
2 - I can't help thinking that part of the problem is down to the motor manufacturers being forced to open up the ECU specs for independents, etc... At a very simple level, if they were allowed to keep things closed, all they would have needed to do was secure the OBD communications (e.g. through a shared secret / SSL).
3 - Frankly, the nobbling of the OBD port looks like the most sensible solution. You could even fit a false one & tuck the real one back out of sight.
My 2p.
M
camel Andy my Audi came with a tag with my vin number on it. I see no reason why BMW cannot apply an SSL system and give the obd SSL password to the owner in the same form. Vin one side obd password the other.Here's a few observations from an IT security bod who also has one or two links to the automotive industry!
1 - BMW don't have a technical problem that requires a recall... If you put it into IT security speak, what has happened is that someone has discovered a venerability which needs a fix. Sure, it is in BMW's best interest to find a fix but like others have said, cars have been broken into & nicked for years.
2 - I can't help thinking that part of the problem is down to the motor manufacturers being forced to open up the ECU specs for independents, etc... At a very simple level, if they were allowed to keep things closed, all they would have needed to do was secure the OBD communications (e.g. through a shared secret / SSL).
3 - Frankly, the nobbling of the OBD port looks like the most sensible solution. You could even fit a false one & tuck the real one back out of sight.
My 2p.
M
The system would then comply with eu regs as it would be open as owner could give the obd password to whichever garage they take the car to.
TallbutBuxomly said:
camel_landy said:
Interesting thread...
Here's a few observations from an IT security bod who also has one or two links to the automotive industry!
1 - BMW don't have a technical problem that requires a recall... If you put it into IT security speak, what has happened is that someone has discovered a venerability which needs a fix. Sure, it is in BMW's best interest to find a fix but like others have said, cars have been broken into & nicked for years.
2 - I can't help thinking that part of the problem is down to the motor manufacturers being forced to open up the ECU specs for independents, etc... At a very simple level, if they were allowed to keep things closed, all they would have needed to do was secure the OBD communications (e.g. through a shared secret / SSL).
3 - Frankly, the nobbling of the OBD port looks like the most sensible solution. You could even fit a false one & tuck the real one back out of sight.
My 2p.
M
camel Andy my Audi came with a tag with my vin number on it. I see no reason why BMW cannot apply an SSL system and give the obd SSL password to the owner in the same form. Vin one side obd password the other.Here's a few observations from an IT security bod who also has one or two links to the automotive industry!
1 - BMW don't have a technical problem that requires a recall... If you put it into IT security speak, what has happened is that someone has discovered a venerability which needs a fix. Sure, it is in BMW's best interest to find a fix but like others have said, cars have been broken into & nicked for years.
2 - I can't help thinking that part of the problem is down to the motor manufacturers being forced to open up the ECU specs for independents, etc... At a very simple level, if they were allowed to keep things closed, all they would have needed to do was secure the OBD communications (e.g. through a shared secret / SSL).
3 - Frankly, the nobbling of the OBD port looks like the most sensible solution. You could even fit a false one & tuck the real one back out of sight.
My 2p.
M
The system would then comply with eu regs as it would be open as owner could give the obd password to whichever garage they take the car to.
Would need some thought put into the areas of:
- What if you have a replacement ECU?
- Lost codes!
- If you put a wrong password in, do you get locked out? If not, it just leaves it open for a 'brute force' attack... Which potentially wouldn't slow the thieves down much (if at all!!).
M
Gassing Station | General Gassing | Top of Page | What's New | My Stuff