New BMW's getting stolen using blank BMW keys
Discussion
Timbuk2 said:
Why don't people who are worried disconnect the OBD port or wire it up to a hidden switch so it can be enabled for servicing? Would that work?
My guess is that a lot of people like myself don't want to start pulling apart the interior of their cars for risk of voiding their warranty. Also, most people would not be accomplished enough to start adding switches into the wiring of the car.There is surely a simple way to resolve this...BMW need to change the software so that unless an existing key is present, the OBD port is completely dead and can't be communicated with.
This would mean that independant dealers would still be able to service BMWs (because the owner would obviously leave the key with them) and undesirable scrotes would at least need a key to access the OBD port.
MaxPayne said:
There is surely a simple way to resolve this...BMW need to change the software so that unless an existing key is present, the OBD port is completely dead and can't be communicated with.
The flip side of this would be that if you lost both of your keys the dealer would need to replace one or more electronics modules before he could provide new keys. But perhaps this is a price worth paying?AW10 said:
The flip side of this would be that if you lost both of your keys the dealer would need to replace one or more electronics modules before he could provide new keys. But perhaps this is a price worth paying?
I guess that's true but how many people lose both keys? One key maybe, but I would think very, very rarely would anyone lose both keys.My spare key never leaves the house and so there's almost 0% chance of it getting lost.
AW10 said:
MaxPayne said:
There is surely a simple way to resolve this...BMW need to change the software so that unless an existing key is present, the OBD port is completely dead and can't be communicated with.
The flip side of this would be that if you lost both of your keys the dealer would need to replace one or more electronics modules before he could provide new keys. But perhaps this is a price worth paying?RichardM5 said:
I might be wrong, but I believe this is the issue due to some piece of EU legislation that requires an independent to be able to replace lost keys.
I don't know if that is true or not, but it seems to leave a pretty big "black hole" in the security system of a car just for the benefit of independant dealers.If you own a BMW and lose both keys, then you should have to go back to BMW to have whatever modules replaced so that you can purchase 2 new keys.
MaxPayne said:
Timbuk2 said:
Why don't people who are worried disconnect the OBD port or wire it up to a hidden switch so it can be enabled for servicing? Would that work?
My guess is that a lot of people like myself don't want to start pulling apart the interior of their cars for risk of voiding their warranty. Also, most people would not be accomplished enough to start adding switches into the wiring of the car.There is surely a simple way to resolve this...BMW need to change the software so that unless an existing key is present, the OBD port is completely dead and can't be communicated with.
This would mean that independant dealers would still be able to service BMWs (because the owner would obviously leave the key with them) and undesirable scrotes would at least need a key to access the OBD port.
Timbuk2 said:
Well if I thought my car was in danger of being stolen I would definately have an auto electrics firm disconnect or put a hidden switch to the OBD port so this couldn't happen! Thankfully mine is old enough to have a proper key
...and if my car was out of warranty, it's something I'd possibly consider, but not something I'm willing to do at the moment.I don't think car owners should be forced to take such action because of a major flaw in the electronics of the car.
I still think car manufacturers should be able to completely disable the OBD port unless a key is present. Once again, it's barmy ruling from the EU that's caused this situation (in my opinion).
MaxPayne said:
Timbuk2 said:
Well if I thought my car was in danger of being stolen I would definately have an auto electrics firm disconnect or put a hidden switch to the OBD port so this couldn't happen! Thankfully mine is old enough to have a proper key
...and if my car was out of warranty, it's something I'd possibly consider, but not something I'm willing to do at the moment.I don't think car owners should be forced to take such action because of a major flaw in the electronics of the car.
I still think car manufacturers should be able to completely disable the OBD port unless a key is present. Once again, it's barmy ruling from the EU that's caused this situation (in my opinion).
The 180 odd pages of this thread suggest to me it would appear that manufacturer, BMW, does not. Therefore there will be no change. Which IMO is a great pity but as the cars are still selling change seems unlikely.
You are right.Euro 5 legislation allows third party access to the obd.Unfortunately,no car is safe that uses this technology and that includes new BMWs including F series models.
There are currently on sale,devices for reprogramming keys for this model,new Range Rovers,Audis,Jaguars etc etc-the list is vast.
These are expensive to buy-thousands of pounds,but are available to hire from criminals,to criminals.
If people are worried about moving their obd due to warranty issues-don't.I had mine move and the void filled with a dummy,a couple of years ago.There are no issues with this affecting your warranty.I have an extended OEM warranty and this has caused no issues at all while having warranty work completed.This includes where the obd was in need to be accessed by the dealership.
My advise is to go back to basics and use a combination of new technology-ie Clifford Blackjax,High end alarm(Viper gets good reviews).I would mix this with old tech such as a full disc lock and other methods.
Another good bit of kit that I've seen recently,is an obd lock.The obd is removed from its housing and encased in a steel case that is repositioned and secured elsewhere.This is accessible via a key.
Obd theft is here to stay and at the moment,no car is safe.The tech is moving quicker than efforts to thwart it.
The argument of "why should we-I expect my car to be secure from the factory!" Is now a redundant one.We all have to be pro active and takes steps ourselves.
There are currently on sale,devices for reprogramming keys for this model,new Range Rovers,Audis,Jaguars etc etc-the list is vast.
These are expensive to buy-thousands of pounds,but are available to hire from criminals,to criminals.
If people are worried about moving their obd due to warranty issues-don't.I had mine move and the void filled with a dummy,a couple of years ago.There are no issues with this affecting your warranty.I have an extended OEM warranty and this has caused no issues at all while having warranty work completed.This includes where the obd was in need to be accessed by the dealership.
My advise is to go back to basics and use a combination of new technology-ie Clifford Blackjax,High end alarm(Viper gets good reviews).I would mix this with old tech such as a full disc lock and other methods.
Another good bit of kit that I've seen recently,is an obd lock.The obd is removed from its housing and encased in a steel case that is repositioned and secured elsewhere.This is accessible via a key.
Obd theft is here to stay and at the moment,no car is safe.The tech is moving quicker than efforts to thwart it.
The argument of "why should we-I expect my car to be secure from the factory!" Is now a redundant one.We all have to be pro active and takes steps ourselves.
MaxPayne said:
...and if my car was out of warranty, it's something I'd possibly consider, but not something I'm willing to do at the moment.
I don't think car owners should be forced to take such action because of a major flaw in the electronics of the car.
I still think car manufacturers should be able to completely disable the OBD port unless a key is present. Once again, it's barmy ruling from the EU that's caused this situation (in my opinion).
If it was done well, just one important wire with a well hidden 1/0 switch for example would BMW be able to tell unless they found the switch?I don't think car owners should be forced to take such action because of a major flaw in the electronics of the car.
I still think car manufacturers should be able to completely disable the OBD port unless a key is present. Once again, it's barmy ruling from the EU that's caused this situation (in my opinion).
JimmyTheHand said:
looks like some security researchers think there are security issues in the new i3 Link
Regrettably I find myself asking why does that not surprise me. Probably because I have read all the pages in this thread as they have been posted and learnt from this that the BMW security is weak. Apparently getting weaker. I hope at some point BMW will wake up to how disastrous this could be. Not as yet it would seem.Steffan said:
Regrettably I find myself asking why does that not surprise me. Probably because I have read all the pages in this thread as they have been posted and learnt from this that the BMW security is weak. Apparently getting weaker. I hope at some point BMW will wake up to how disastrous this could be. Not as yet it would seem.
It isn't just BMW, it seems pretty much every company seems to put security as a low priority and vast majority of coders seem blind to how people can break into their application. I think it will take a major company going bankrupt because of poor security to change this attitudeJimmyTheHand said:
Steffan said:
Regrettably I find myself asking why does that not surprise me. Probably because I have read all the pages in this thread as they have been posted and learnt from this that the BMW security is weak. Apparently getting weaker. I hope at some point BMW will wake up to how disastrous this could be. Not as yet it would seem.
It isn't just BMW, it seems pretty much every company seems to put security as a low priority and vast majority of coders seem blind to how people can break into their application. I think it will take a major company going bankrupt because of poor security to change this attitudeMore security problems for BMW - this time flaws with the i8.
http://www.theregister.co.uk/2014/05/27/bmw_passwo...
When will BMW take their car security seriously. I can see BBC Watchdog getting all over this one.
http://www.theregister.co.uk/2014/05/27/bmw_passwo...
When will BMW take their car security seriously. I can see BBC Watchdog getting all over this one.
What's the incentive for them to improve security. If a car gets stolen, another new one gets sold. It may not be the same brand, but as all cars are affected, it doesn't matter. Disaffected BMW owner defects to Audi. Disaffected Audi owner defects to Mercedes. Disaffected Mercedes owner defects to BMW.
The car companies only care about the first purchaser. Who are they? They are mostly businesses, hire companies and leasing companies. It's only when the 2nd-hand value of the cars are affected will the car companies react.
Hypothetical Example: A new BMW costs Joe Public £25k, but can be bought for £17k if bought in bulk. Six months and 5k miles later and it will sell at auction for £15k. If the auction sell price fell to £10k, the bottom would fall out of the lease car business model. Lease companies could no longer afford to pay BMW £17k in the first place. BMW would need to react.
As long as people pay what they do, there is no reason for BMW to change its ways, unless there is a public outcry, and that's not very likely.
The car companies only care about the first purchaser. Who are they? They are mostly businesses, hire companies and leasing companies. It's only when the 2nd-hand value of the cars are affected will the car companies react.
Hypothetical Example: A new BMW costs Joe Public £25k, but can be bought for £17k if bought in bulk. Six months and 5k miles later and it will sell at auction for £15k. If the auction sell price fell to £10k, the bottom would fall out of the lease car business model. Lease companies could no longer afford to pay BMW £17k in the first place. BMW would need to react.
As long as people pay what they do, there is no reason for BMW to change its ways, unless there is a public outcry, and that's not very likely.
Gassing Station | BMW General | Top of Page | What's New | My Stuff