Stolen 1M CCTV footage
Discussion
On Watchdog they said that other manufacturers have also built this insecurity into their cars and wanted owners of others that have had their cars stolen using this method, though I wonder how they'd know unless they had it on CCTV, to contact the show.
What other cars are getting stolen using this method?
What other cars are getting stolen using this method?
ArsE92 said:
carinaman said:
I prefer the network analogy, CAN bus being CSMA/CD like Ethernet. I don't like the Microsoft analogy. For me it's much more about gaining access to a network and what you can achieve with that access.
Let's not turn this into a geek-off!To me it's more about a consumer purchasing a product that isn't perfectly secure. Microsoft Windows isn't perfectly secure and in some versions had glaring security flaws, just like the security implementation on the BMWs affected.
A consumer wouldn't purchase a network switch from PC World and go home thinking "Thank goodness this switch won't transmit unless it senses a connection first".
The ideal solution, as already alluded to, would be for (a)the OBD port to be disabled when the alarm is set, and (b) the alarm blindspot being rectified. Surely (a) can be achieved with a firmware update? (B) might need improved sensors?
It's not a case of something not being perfectly secure but having some feature that's of dubious benefit for users creating a vulnerability. Every tool, weapon, procedure and system ever created is open to misuse whether by error or intention. Someone within BMW must have realised that leaving that port open provided an 'in' for people.
I don't like your Microsoft analogy. Microsoft is the de facto OS. BMWs are not the de facto car. Has any car maker ever had the dominance in their market that Microsoft has? Ford with the Model T?
Your Microsoft comparison has led me to another. It's like paying three times more than you have to for some premium branded Home Wi-Fi hub to connect your devices to your broadband ADSL socket in the wall, but getting home and realising that despite paying over the odds for this prestige named hub it doesn't have any encryption functionality so your ADSL broadband is open to anyone. You then have to take a can opener opener from a drawer in the kitchen to improve the security of this rather expensive home networking hub to stop it being open to all and sundry or go back to PC World, Tandy or some online retailer to buy an additional piece of kit from someone else to secure your home network.
Company car culture and brand obssessed Britain means BMWs have been in the top ten sellers for years. They're now as easy to steal as Cortinas were in the 70s and 80s?
Edited by carinaman on Thursday 13th September 00:59
gamefreaks said:
Does anyone know anything about the technical details of these code readers?
128bit encryption is pretty strong, so are BMW keeping quiet because their private keys have been leaked?
I don't think there is any encryption involved in the process? Plug in a diagnostic tool, tell the ECU to add this shiny new key, and blip blip you're away. Maybe the diagnostic tool has encrypted comms with the ECU, but it if that is the case, it was only going to be a matter of time before the hardware got onto the black market, and BMW should never have counted on that not happening.128bit encryption is pretty strong, so are BMW keeping quiet because their private keys have been leaked?
Mr2Mike said:
carinaman said:
They're now as easy to steal as Cortinas were in the 70s and 80s?
Possibly not quite that easy, I doubt you can steal a modern BMW armed with nothing more than a lollipop stick 
You may have got into a Cortina with a lollypop stick but it wouldn't make a new key for you would it? That's progress for you.
carinaman said:
Mr2Mike said:
carinaman said:
They're now as easy to steal as Cortinas were in the 70s and 80s?
Possibly not quite that easy, I doubt you can steal a modern BMW armed with nothing more than a lollipop stick You may have got into a Cortina with a lollypop stick but it wouldn't make a new key for you would it? That's progress for you.
mjb1 said:
gamefreaks said:
Does anyone know anything about the technical details of these code readers?
128bit encryption is pretty strong, so are BMW keeping quiet because their private keys have been leaked?
I don't think there is any encryption involved in the process? Plug in a diagnostic tool, tell the ECU to add this shiny new key, and blip blip you're away. Maybe the diagnostic tool has encrypted comms with the ECU, but it if that is the case, it was only going to be a matter of time before the hardware got onto the black market, and BMW should never have counted on that not happening.128bit encryption is pretty strong, so are BMW keeping quiet because their private keys have been leaked?
in which case this is a catastrophically dumb thing to do....
Blaming the access to the OBD port is not the issue, having an un-encrypted security system on an open OBD port is the stupid bit.
Steve vRS said:
Hypothetical ==> If you didn't get this done and your car was nicked, would the insurers have questions....
Steve
One of my colleagues asked the BMW helpline this directlySteve
"what happens if my car is nicked between now and when the car gets reprogrammed?"
"Well sir, you should be extra vigilant, park another car in front of your BMW, install a disclok etc"
"That's not what I meant"
"Sir, you'll have to take that up with BMW head office"
ChrisBuer said:
I collected my 1M on the 20th October 2011, however I cant't remember when the build date was. I have a feeling it was early October but this is quite close to the September cut off. Maybe I'll phone and see what they say.....
The build month is on a sticker by the drivers door Chris.Edited by Pugland53 on Thursday 13th September 16:43
Marf said:
Steve vRS said:
Hypothetical ==> If you didn't get this done and your car was nicked, would the insurers have questions....
Steve
One of my colleagues asked the BMW helpline this directlySteve
"what happens if my car is nicked between now and when the car gets reprogrammed?"
"Well sir, you should be extra vigilant, park another car in front of your BMW, install a disclok etc"
"That's not what I meant"
"Sir, you'll have to take that up with BMW head office"
Steve
Ok, apologies if this has alrady been posted (at work so can't spend long trawling this thread!) ...
... this thread has made it on to The Register. The same article points at a very interesting presentation by a guy called Rob Van den Brink at a tech security conference earlier this year, about OBD security weakness. Interesting comments suggesting you can also easily access the OBD system via the wireless tyre pressure monitoring system (TPMS)!
... this thread has made it on to The Register. The same article points at a very interesting presentation by a guy called Rob Van den Brink at a tech security conference earlier this year, about OBD security weakness. Interesting comments suggesting you can also easily access the OBD system via the wireless tyre pressure monitoring system (TPMS)!
Cross posted from another thread. BMW have a fix for the X6, but another 8 weeks for the rest of the range. Hmm.
me said:
http://www.autoexpress.co.uk/bmw/60264/bmw-owners-...
Makes me wonder how there's an X5 / X6 version already, but another 8 weeks for the rest of the range.
You can do a LOT of programming / testing in 8 weeks.
Makes me wonder how there's an X5 / X6 version already, but another 8 weeks for the rest of the range.
You can do a LOT of programming / testing in 8 weeks.
Gassing Station | General Gassing | Top of Page | What's New | My Stuff