Stolen 1M CCTV footage


ArsE92

21,019 posts

188 months

Wednesday 12th September 2012
carinaman said:
ArsE92 said:
Skipppy said:
I'm sure it's been asked but who in the right mind is going to invest substantial amounts of money in BMW cars until this issue is sorted...?
Me, probably. Whilst this security flaw is unfortunate to say the least I'm not going to rule out an E90 M3 as my next car because of it. Once I buy the car I have responsibility to secure it, so I'd nobble the OBD port like I have done with my 335.

I'm sure many others will take the same approach.
Really? Those that have one as company cars will do that? What would happen with the warranty? The Nobbling wouldn't cause any issues so dealers couldn't quibble about it?

That buyers have to beef up car security for what's an obvious oversight on the part of BMW (I've mentioned comparisons to network security and physical access before) sounds like days past where Jaguar and Lotus seemed to use their customers to finish off their car development for them.

It's not BMW's responsibility to ensure the OBD port isn't as easy to access and functionally enabled that port to be used to disable the alarm and reprogram keys?

Hopefully Watchdog will give Thatcham a well deserved boot in the nads too for certifying the 1M as secure. I guess like BMW they just know about car security and nothing about network security?
I can't answer for company car users but I know that my nobbling hasn't caused any warranty issues, and my local service centre are aware of what I have done and know how to get around it should they need access to the OBD.

Of course it's BMW's responsibility to ensure their product is secure. And to continue your analogy it is also Microsoft's responsibility to ensure their products are secure but they have also failed on numerous occasions. However, because their products are good (!) we continue to use them and do the best we can to secure them ourselves.

carinaman

21,319 posts

173 months

Wednesday 12th September 2012
BMW should have accepted it and dealt with it and put it to bed. Instead they've come up with excuses and corporate speak.

They should have got hold of it sooner. I wonder how much the Watchdog programme will take off of the shine of the Orange and White Olympics torch procession coverage. 'BMW's car security doesn't win a gold!', 'Car thieves strike gold with basic car security lapse', 'Thatcham help BMW not even achieve a Bronze when it comes to keeping their cars secure'.....

Joy? I guess that's what those criminals felt when they found out about this vulnerability.

I prefer the network analogy, CAN bus being CSMA/CD like Ethernet. I don't like the Microsoft analogy. For me it's much more about gaining access to a network and what you can achieve with that access.

Edited by carinaman on Wednesday 12th September 15:03

Boydie88

3,283 posts

150 months

Wednesday 12th September 2012
Responding to the investigation BMW said: "Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed."

WTF?! So, "when we invented the new key system, because no one had broken into it before, we didn't check whether it might be able to be broken into in the future. Now it turns out it can be broken into, it wasn't our fault because the new technology hadn't been broken into in the past before it was invented".

I am quite amazed (and disappointed) BMW haven't come up with some sort of new plug and play program to sort this and are still just trying to pass it off.

mjb1

2,556 posts

160 months

Wednesday 12th September 2012
There are two possible reasons why other cars aren't vulnerable like this (is it the whole BMW range, or just certain models?):

1) The diagnostics port isn't active when the alarm is armed

2) The alarm doesn't have a blind spot around the diagnostics port.

Maybe it's part of the OBD2 specs that the diagnostics must be accessible whilst the alarm is armed? I can see only one genuine use for that - lost keyfobs. But it would be very easy to have PIN controlled access that cannot be bypassed (i.e. unique to each vehicle). Just like security coded radios, so it's nothing new/advanced. Also, the alarm should be triggered if the diagnostics port is accessed/attempted whilst the alarm is armed (won't matter if legit - i.e. the car is in a workshop having new keys programmed, but if it's on your drive and someone is trying to nick it, then it's a bit more of a deterrent).

If BMW/Thatcham/OBD people are reading this, please PM me and I will send an invoice for my consultancy fee. rolleyes The worst thing about this whole episode is that BMW haven't tackled the issue head on - it is more quite possibly resolvable with a software update.

carinaman

21,319 posts

173 months

Wednesday 12th September 2012
Boydie88 said:
Responding to the investigation BMW said: "Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed."

WTF?! So, "when we invented the new key system, because no one had broken into it before, we didn't check whether it might be able to be broken into in the future. Now it turns out it can be broken into, it wasn't our fault because the new technology hadn't been broken into in the past before it was invented".

I am quite amazed (and disappointed) BMW haven't come up with some sort of new plug and play program to sort this and are still just trying to pass it off.
Thanks for quoting that, I'd not seen it. Where exactly do BMW get off insulting the intelligence of the public?

CANbus has never been used before? Networks have never been used before?

BMW, I really like you investing so much money in the UK making cars and engines but please stop talking to everyone like they were born yesterday and can't possibly know more about it than you do.

It's not their fault as they didn't invent networking?

Edited by carinaman on Wednesday 12th September 15:28

ArsE92

21,019 posts

188 months

Wednesday 12th September 2012
carinaman said:
I prefer the network analogy, CAN bus being CSMA/CD like Ethernet. I don't like the Microsoft analogy. For me it's much more about gaining access to a network and what you can achieve with that access.
Let's not turn this into a geek-off!

To me it's more about a consumer purchasing a product that isn't perfectly secure. Microsoft Windows isn't perfectly secure and in some versions had glaring security flaws, just like the security implementation on the BMWs affected.

A consumer wouldn't purchase a network switch from PC World and go home thinking "Thank goodness this switch won't transmit unless it senses a connection first".

The ideal solution, as already alluded to, would be for (a) the OBD port to be disabled when the alarm is set, and (b) the alarm blindspot being rectified. Surely (a) can be achieved with a firmware update? (b) might need improved sensors?
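
Added example, not part of any post in this thread and not any manufacturer's code: the controls proposed by mjb1 and ArsE92 above (diagnostics port inactive while armed, a per-vehicle PIN for key programming, and an alarm trigger on any attempt while armed) modelled as a gateway decision in C. Every name, the PIN length and the three-attempt lockout are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical gateway model; every name here is illustrative. */
#define PIN_LEN 8
#define MAX_BAD_PINS 3
enum diag_result { DIAG_OK, DIAG_DENIED, DIAG_LOCKED_OUT };

struct gateway {
    bool armed;                    /* alarm is set */
    bool armed_pin_access;         /* true: PIN accepted while armed (lost-fob case) */
    bool alarm_sounding;
    unsigned bad_pins;             /* consecutive wrong PINs */
    uint8_t vehicle_pin[PIN_LEN];  /* unique per vehicle, like a radio code */
};

/* Compare without an early exit so timing does not reveal matching digits. */
static bool pin_matches(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < PIN_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Decide on a key-programming request; pin is NULL when the tool sent none. */
enum diag_result request_key_programming(struct gateway *g, const uint8_t *pin) {
    if (g->armed) {
        g->alarm_sounding = true;      /* any attempt while armed trips the alarm */
        if (!g->armed_pin_access)
            return DIAG_DENIED;        /* port treated as inactive while armed */
    }
    if (g->bad_pins >= MAX_BAD_PINS)
        return DIAG_LOCKED_OUT;        /* stops PIN guessing; reset is not modelled */
    if (pin == NULL || !pin_matches(pin, g->vehicle_pin)) {
        g->bad_pins++;
        return DIAG_DENIED;
    }
    g->bad_pins = 0;
    return DIAG_OK;
}

int main(void) {
    /* Constructed sample: armed car, port inactive while armed, correct PIN offered. */
    struct gateway g = { .armed = true, .vehicle_pin = {1, 2, 3, 4, 5, 6, 7, 8} };
    enum diag_result r = request_key_programming(&g, g.vehicle_pin);
    printf("result=%d alarm=%d\n", r, g.alarm_sounding);
    return 0;
}
```

With `armed_pin_access` left false the model follows ArsE92's option (a); setting it true gives mjb1's lost-keyfob variant, where the correct PIN still works but the alarm sounds anyway.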

Alucidnation

16,810 posts

171 months

Wednesday 12th September 2012
Skipppy said:
I'm sure it's been asked but who in the right mind is going to invest substantial amounts of money in BMW cars?
FTFY

wink

Mr2Mike

20,143 posts

256 months

Wednesday 12th September 2012
Responding to the investigation BMW said: "Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed."

Put that through the "weasel words" translator and you get:

"Tools to exploit the glaring hole in our flawed security system were not readily available at the time we designed it"

ArsE92

21,019 posts

188 months

Wednesday 12th September 2012
Alucidnation said:
Skipppy said:
I'm sure it's been asked but who in the right mind is going to invest substantial amounts of money in BMW cars?
FTFY

wink
<Checks Profile>
<No car listed>
<Surprised>

Zed Ed

1,109 posts

184 months

Wednesday 12th September 2012
just kicked off on the ONE show

ring in if your car has been nicked

Xeno

304 posts

182 months

Wednesday 12th September 2012
Was just on the news, with the cryptic 'criminals can open your car door without setting off the alarm'. Do they mean blocking the lock signal, or can you actually get into a locked, alarmed car without setting it off?!?

RZ1

4,334 posts

207 months

Wednesday 12th September 2012
They showed this on channel 4 news too.

Also on watchdog in a few minutes.

Quhet

2,427 posts

147 months

Wednesday 12th September 2012
it's all over watchdog

OdramaSwimLaden

1,971 posts

170 months

Wednesday 12th September 2012
I spy a large recall......

0800 083 4397 (came up on screen on Watchdog) to call BMW with regards to the situation and how they plan to combat it.

Cars between 2006 and Sept 2011 are affected.

Disgraceful. The ultimate fobbing off machine (excuse the pun).

Edited by OdramaSwimLaden on Wednesday 12th September 20:18

Contigo

3,113 posts

210 months

Wednesday 12th September 2012
Recall. As soon as that line opens I'm on it and taking mine to the dealers for whatever ECU update is available. I ain't having mine susceptible to this gaping flaw.


Contigo

3,113 posts

210 months

Wednesday 12th September 2012
Anyone with a 2006----Late 2011 BMW call

BMW Customer Services (as shown on Watchdog)

0800 083 4397


5STM5

303 posts

150 months

Wednesday 12th September 2012
I bought my 2007 5 series last year, so it falls into this category. I was happy at the purchase to know the car had Thatcham 1 approved security, hmmm. Anyway off to phone BMW free phone number to see what they plan to do.
Also wonder what will happen to resale values?

Contigo

3,113 posts

210 months

Wednesday 12th September 2012
5STM5 said:
I bought my 2007 5 series last year, so it falls into this category. I was happy at the purchase to know the car had Thatcham 1 approved security, hmmm. Anyway off to phone BMW free phone number to see what they plan to do.
Also wonder what will happen to resale values?
I wouldn't worry about that, BMW need to sort it out and they will!


gamefreaks

1,965 posts

188 months

Wednesday 12th September 2012
Does anyone know anything about the technical details of these code readers?

128bit encryption is pretty strong, so are BMW keeping quiet because their private keys have been leaked?

CoolHands

18,677 posts

196 months

Wednesday 12th September 2012
I'm calling that number. And I don't even have a BMW wink but I will string them along just for the hell of it.

tonight Matthew, I will be outraged of Surrey.