New BMW's getting stolen using blank BMW keys
Discussion
mrmr96 said:
ian_cab28 said:
Could even fit and leave the 100+ Volt inverted AC pin that way !!
In all seriousness, a few people have posted suggesting similar. My reluctance would be three fold:1 It's clearly a joke.
2 If you fried a crims device, then they will burn your car/house.
3 If you fried a garages diag machine, you'll be £20-30k out of pocket buying them a new one.
Putting a hidden switch may be safer, as that would just simulate a broken wire.
Pity BMW will not take some action or even recognise responsibility. Their choice. It does not help the owners.
WeirdNeville said:
Sorry, I nearly forgot the important bit, which is of course the Crime Prevention advice:
1) Park somewhere overlooked and garage the car if you can.
2) Disable the OBD port in some cunning way.
3) Use additional physical security such as a steering wheel lock.
4) Consider additional and aftermarket immobilisers/trackers. Something perhaps that cuts fuel and is independant of the keyed ignition. Sadly I think this kind of security may become an necessity from an insurance point of view as time wears on.
Great post thanks for all the info. 1) Park somewhere overlooked and garage the car if you can.
2) Disable the OBD port in some cunning way.
3) Use additional physical security such as a steering wheel lock.
4) Consider additional and aftermarket immobilisers/trackers. Something perhaps that cuts fuel and is independant of the keyed ignition. Sadly I think this kind of security may become an necessity from an insurance point of view as time wears on.
Edited by WeirdNeville on Friday 1st June 02:08
Do you know if despite the denials BMW are working on a fix ? Surely they are under pressure from the insurance and leasing industries to do so ?
Cheib said:
Do you know if despite the denials BMW are working on a fix ? Surely they are under pressure from the insurance and leasing industries to do so ?
A post elsewhere said BMW is awaiting the results of a Thatcham investigation expected mid-July.I am certainly not an expert on the insurance industry, but it seems to me that even if BMW has a fix already waiting to deploy, they may be unable to do anything until Thatcham has finished picking over the issue. After all, the security system on the cars is currently Thatcham-approved (for what little that's worth) and a change to it would put that approval in question.
The worst case for BMW would be if Thatcham issued a 'delete notice' saying the security system was no longer on the approved list. If that happened (and I'm not saying it's likely - I just don't know enough about it) then insurers would not just be raising premiums, they'd be refusing to insure.
I guess - and again I stress guess- that considerations of this kind weigh heavily with BMW. No idea how this is playing out in mainland Europe: pesumably BMW has to concern itself not just with Thatcham but the TUV in Germany and goodness knows who else before they can deploy changes.
My thanks too to WeirdNeville for an extremely helpful post. Perhaps he or someone else with real knowledge can shed light on the aspects I mention.
r999 said:
Cheib said:
Do you know if despite the denials BMW are working on a fix ? Surely they are under pressure from the insurance and leasing industries to do so ?
A post elsewhere said BMW is awaiting the results of a Thatcham investigation expected mid-July.I am certainly not an expert on the insurance industry, but it seems to me that even if BMW has a fix already waiting to deploy, they may be unable to do anything until Thatcham has finished picking over the issue. After all, the security system on the cars is currently Thatcham-approved (for what little that's worth) and a change to it would put that approval in question.
The worst case for BMW would be if Thatcham issued a 'delete notice' saying the security system was no longer on the approved list. If that happened (and I'm not saying it's likely - I just don't know enough about it) then insurers would not just be raising premiums, they'd be refusing to insure.
I guess - and again I stress guess- that considerations of this kind weigh heavily with BMW. No idea how this is playing out in mainland Europe: pesumably BMW has to concern itself not just with Thatcham but the TUV in Germany and goodness knows who else before they can deploy changes.
My thanks too to WeirdNeville for an extremely helpful post. Perhaps he or someone else with real knowledge can shed light on the aspects I mention.
For the people that have had there cars stolen using this method, do you think they will have a case in seeking compensation directly from BMW? This will financially hit victims hard in terms of lower than value insurance payouts, potential loss of no claims discount and increased insurance premiums for several years, not to mention stress, all because of BMWs incompetence in building a security system capable of replicating or creating new keys.
mrmr96 said:
ian_cab28 said:
Could even fit and leave the 100+ Volt inverted AC pin that way !!
In all seriousness, a few people have posted suggesting similar. My reluctance would be three fold:1 It's clearly a joke.
2 If you fried a crims device, then they will burn your car/house.
3 If you fried a garages diag machine, you'll be £20-30k out of pocket buying them a new one.
Putting a hidden switch may be safer, as that would just simulate a broken wire.
Idea of reversing the pins and then fitting an inline re-reverser (un-reverser?) is good.
Matgoodwin said:
For the people that have had there cars stolen using this method, do you think they will have a case in seeking compensation directly from BMW? This will financially hit victims hard in terms of lower than value insurance payouts, potential loss of no claims discount and increased insurance premiums for several years, not to mention stress, all because of BMWs incompetence in building a security system capable of replicating or creating new keys.
What we need is for a top-flight barrister specialising in commercial litigation to have his car nicked. Mind you, I have the feeling that not many of them drive BMWs: not quite the thing in such circles. Their wives and children might.A good lawyer might give it a shot, but such a case would be vigorously defended and I guess the presumption would be against success. After all, a car manufacturer just has to argue that no security system can ever give 100% protection against theft. Has a case of this kind ever been brought, let alone won? Again, I am outside my area of expertise.
On the other hand, the case would be highly embarrassing for BMW.
Forgive me if this comes across as mealy mouthed, and I am no BMW apologist, but if we could deal with this by way of analogy:
You buy a door for your house. It is a secure door. They're popular because they're nice oak doors so quite a few people have them. Then, some criminal burgling scum realises that a particular 24" crowbar pops these doors open with relative ease, and in short order a number of these doors are being opened and goods are being stolen.
Would you have a claim over the maker of the door?
I think not.
BMW's are secure cars - as secure as anything else anyway. Evidently there is something in the way their security system works which means they are subject to these thefts. I don't doubt for one minute that Mercs and Audis haven't been tried along similar lines - but for whatever reason the criminals have not been sucessful in developing these tools for those marques. Could be lack of information (encrypion keys, access to the CAS ,just some software/hardware feature of BMW's that means this expolit exists who knows)?
That's all this device is, it's an electronic crowbar for the CAS system on BMW's. It's not like BMW have sold a car that starts and drives on a screwdriver. Significant time and money has been invested in creating this tool. You can't (IMO) hold bmw responsible for the fact criminals have devised this tech. There is no glaring security flaw. BMw are smart - it's just that the criminals have outsmarted them in one aspect.
Lets not forget that you still have to physically gain access to the interior of the car, and in most cases this looks to be done by force.
And i don't think anyone has been sucessful in respect of Scooters geting nicked, and the security on those really is laughable. You can nick them with a teaspoon....
Of course BMW have a response, And it is my understanding that cars rolling off production lines now are not vulnerable in this way.
But consider this: If you want to completely download new software onto a BMW, it takes several hours connected to the BMW iagnositics computer to download and reinstall a full software package. Multiply that by the number of affected cars, divide by the number of terminals available to do this work, and you end up with a huge number. A full scale recall, even if this IS fixable in software, is unlikely IMO.
You buy a door for your house. It is a secure door. They're popular because they're nice oak doors so quite a few people have them. Then, some criminal burgling scum realises that a particular 24" crowbar pops these doors open with relative ease, and in short order a number of these doors are being opened and goods are being stolen.
Would you have a claim over the maker of the door?
I think not.
BMW's are secure cars - as secure as anything else anyway. Evidently there is something in the way their security system works which means they are subject to these thefts. I don't doubt for one minute that Mercs and Audis haven't been tried along similar lines - but for whatever reason the criminals have not been sucessful in developing these tools for those marques. Could be lack of information (encrypion keys, access to the CAS ,just some software/hardware feature of BMW's that means this expolit exists who knows)?
That's all this device is, it's an electronic crowbar for the CAS system on BMW's. It's not like BMW have sold a car that starts and drives on a screwdriver. Significant time and money has been invested in creating this tool. You can't (IMO) hold bmw responsible for the fact criminals have devised this tech. There is no glaring security flaw. BMw are smart - it's just that the criminals have outsmarted them in one aspect.
Lets not forget that you still have to physically gain access to the interior of the car, and in most cases this looks to be done by force.
And i don't think anyone has been sucessful in respect of Scooters geting nicked, and the security on those really is laughable. You can nick them with a teaspoon....
Of course BMW have a response, And it is my understanding that cars rolling off production lines now are not vulnerable in this way.
But consider this: If you want to completely download new software onto a BMW, it takes several hours connected to the BMW iagnositics computer to download and reinstall a full software package. Multiply that by the number of affected cars, divide by the number of terminals available to do this work, and you end up with a huge number. A full scale recall, even if this IS fixable in software, is unlikely IMO.
WeirdNeville said:
But consider this: If you want to completely download new software onto a BMW, it takes several hours connected to the BMW iagnositics computer to download and reinstall a full software package.
It can be worse than that. If a full update is required and things don't go smoothly, they leave the software update running overnight and it costs more than a day's time. On the other hand, if it's a case of recoding a single module, it can be very quick. Then again, changing one module sometimes (not always) requires recoding the whole car.WeirdNeville said:
A full scale recall, even if this IS fixable in software, is unlikely IMO.
Agreed.Good posts by weirdneville,although whilst I thought I would be flying under the radar with my derv E91 it seems not.
A) WN posts diesels of all engine sizes are going.
B) The E91 is like rocking horse poo around here whilst there is plenty of saloons around.
I have used a disklok since the day I bought it,looks like more prevention meausures are required.Good things going for me are the driveway is hidden from the road and parking at work is secure.
Might even take my idea of buying an older E39 big engined petrol 6 pot a bit more seriously rather than window shopping.
A) WN posts diesels of all engine sizes are going.
B) The E91 is like rocking horse poo around here whilst there is plenty of saloons around.
I have used a disklok since the day I bought it,looks like more prevention meausures are required.Good things going for me are the driveway is hidden from the road and parking at work is secure.
Might even take my idea of buying an older E39 big engined petrol 6 pot a bit more seriously rather than window shopping.
WeirdNeville said:
There is no glaring security flaw. BMw are smart
Correct me if I'm wrong here, but this does look a bit like a glaring security flaw. I would have thought that the basics of public/private key encryption would dictate that the car would have a public encyption key to be used daily, but coding a door key would require use of a private key for that car, held securely in Bavaria? All it would require is that the key coding device has a connection to Germany during the coding, and stolen key coders barred from access. An A Level student could come up with more secure architecture than BMW appear to have employed. Have I got that right or wrong?
Tea Pot One said:
I think putting a disclok on at Tesco's is a bit OTT ... but each to their own I guess.
Personally, I hate the bloody things and if I end up getting a coupe I will simply put a switch on the OBD port or remove the port entirely. I don't however think its overtop for tesco as several cars have gone missing from train station cars parks which are just as public/busy.
Well further to what i was saying earlier that i didnt think it was as big a deal as some were making out, i have a good friend and client who works as the head of quality for the largest police force in the UK (i wont say which one) and they have lots of BMW police cars. They were alerted to this problem which is pretty serious for them as lots of their BMW cars (plain and marked) are firearms cars - so as a result they have altered their proceedures when leaving the cars due to this issue.
My understanding of why this affects BMWs is because they dont scramble the security codes whereas other makes like Mercedes have the code scrambled each time you lock / unlock it.
My understanding of why this affects BMWs is because they dont scramble the security codes whereas other makes like Mercedes have the code scrambled each time you lock / unlock it.
Edited by premio on Monday 4th June 10:50
Tea Pot One said:
I think putting a disclok on at Tesco's is a bit OTT ... but each to their own I guess.
Why's that? How many people on here have their cars keyed/hit in Tesco and then the "security camera's weren't working that day" or "the camera's weren't pointing in that direction".If I was a thief, I reckon Tesco's would be a safer bet than a driveway at 3am in the morning.
mrmr96 said:
WeirdNeville said:
There is no glaring security flaw. BMw are smart
Correct me if I'm wrong here, but this does look a bit like a glaring security flaw. I would have thought that the basics of public/private key encryption would dictate that the car would have a public encyption key to be used daily, but coding a door key would require use of a private key for that car, held securely in Bavaria? All it would require is that the key coding device has a connection to Germany during the coding, and stolen key coders barred from access. An A Level student could come up with more secure architecture than BMW appear to have employed. Have I got that right or wrong?
It beggars belief that a company like BMW could not have seen something like this coming with the process they have.
NelsonR32 said:
Why's that? How many people on here have their cars keyed/hit in Tesco and then the "security camera's weren't working that day" or "the camera's weren't pointing in that direction".
If I was a thief, I reckon Tesco's would be a safer bet than a driveway at 3am in the morning.
I don't go to Tesco's for the reasons you mention ... I would not, however, be bothered if I did at the thought of my car being pinched from there as I think it highly unlikely. The stats are showing that a good portion of the thefts are at night and not in busy places. Station car parks are not like a shop where visits are fairly brief. If I was a thief, I reckon Tesco's would be a safer bet than a driveway at 3am in the morning.
Most of the people arrested for this are being caught doing it overnight.
FWIW I have and use a disklok on my BMW ... but there is a balance and I still want to be able to enjoy my car without the hassle of constantly using a device of the sort I haven't used in maybe 20 years !!
mrmr96 said:
Correct me if I'm wrong here, but this does look a bit like a glaring security flaw. I would have thought that the basics of public/private key encryption would dictate that the car would have a public encyption key to be used daily, but coding a door key would require use of a private key for that car, held securely in Bavaria? All it would require is that the key coding device has a connection to Germany during the coding, and stolen key coders barred from access. An A Level student could come up with more secure architecture than BMW appear to have employed.
Have I got that right or wrong?
I mentioned that in a previous post a while ago - and was told I basically don't know what I'm talking about. I spend most of my day ensuring Internet based systems are secure - but apparently cars work with 'black magic' that's far more complex than a SaaS infrastructure Have I got that right or wrong?
Someone has screwed up somewhere.
Tea Pot One said:
I don't go to Tesco's for the reasons you mention ... I would not, however, be bothered if I did at the thought of my car being pinched from there as I think it highly unlikely. The stats are showing that a good portion of the thefts are at night and not in busy places. Station car parks are not like a shop where visits are fairly brief.
Most of the people arrested for this are being caught doing it overnight.
FWIW I have and use a disklok on my BMW ... but there is a balance and I still want to be able to enjoy my car without the hassle of constantly using a device of the sort I haven't used in maybe 20 years !!
Fair enough. I dont own or use one, but I drive an Audi. I'm looking at a BMW next and I still won't be using one. They are a royal pain in the arse. Most of the people arrested for this are being caught doing it overnight.
FWIW I have and use a disklok on my BMW ... but there is a balance and I still want to be able to enjoy my car without the hassle of constantly using a device of the sort I haven't used in maybe 20 years !!
I will just put a switch on the OBD and possibly black jax.
Gassing Station | BMW General | Top of Page | What's New | My Stuff