New BMW's getting stolen using blank BMW keys


gizlaroc

17,251 posts

224 months

Friday 9th March 2012
BE57 TOY said:
Does this affect new audis?
I wouldn't worry, I left my Audi door open for 2 years hoping someone would nick it and nothing! frown


Just kidding! biggrin

c_w

40 posts

234 months

Friday 9th March 2012
c7xlg said:
No offence intended, though my comment still stands. A sub £60K BMW is not high end in the scale of the BMW world, let alone a £40K 3-series.

It does make an interesting talking point about the 'steal to order' and targeted theft markets appearing to be aiming at mid-range, or low end BMWs rather than the top end. Possibly as the top end are too rare to find, too rare to shift on or too likely to have trackers fitted.
It's a relative interpretation of high-end. But ironically most of the "high end" BMWs that cost the most (old-man 5/6/7-series (eg 730D SE at £60k), Ms excepted) are perhaps not desirable to thieves and those who want to buy a stolen car. I'd say a 1M and M3s are the most desirable current BMWs and highly likely to have a tracker fitted.

Billyray911

1,072 posts

204 months

Saturday 10th March 2012
I'm sure that no one is underestimating the issue, but the theft of BMWs is now at an epidemic level.
It is a BMW issue, across the board on cars using the CAN bus 'block' type key, across the range. I would suggest that the more 'mainstream' models and not M vehicles are a better target as the parts are easier to sell on as there is a bigger and ready market. That's not to say that an M vehicle isn't a target, it's just harder to move about before disposal, whether on false plates or not.
The risks of using V5 documents to get duplicate keys from a dealership is a thing of the past.
They are being stolen as follows.
Thief targets your car and will either gain access via smashing the window or jamming the signal when you come to lock it. Jammers are cheap when compared with the profit on selling your car on as parts etc., so a thief may even leave one concealed near to where your car is normally parked, pre-empting your and, subsequently, their return.
Access is gained to your car and OBD equipment is plugged into the port, which reads the data that the key uses to 'communicate' with the car and vice versa. This takes seconds.
A blank BMW key (mostly manufactured in China and bought for a few pounds) is then programmed with this data.
Your car is driven away, all within minutes, and stripped or exported.
Don't confuse any of this with the copying of the signal transmitted from the key, as used to happen pre-Thatcham. Random encryption solved that problem but this new wave seems to have created a new gap in the system.
Regarding jammers, they are also being used more commonly as the audible arm/disarm feature has been deactivated on BMWs. Unfortunately, too many owners just assume that their cars have been locked without checking.
As mentioned, Autologic software can re-enable the arm/disarm chirp in seconds (I have just had this done on my vehicle).
The same jammers will also work to block any Tracker signals.
Comfort access has its own problems as on some systems, this tends to 'work' at quite a distance and this signal can easily be copied and retransmitted to allow access to your car.
The jury is still out as to whether this will allow your car to be driven away due to the different operating systems, but I believe that some manufacturers aren't pushing comfort access as an option.
Sorry for the waffle, but I thought that as it was being discussed, I would put a lengthy explanation.
BMW are well aware of the issue and, it seems, are quite happy to fob off their customers.

Edited by Billyray911 on Saturday 10th March 02:58

anonymous-user

54 months

Saturday 10th March 2012
stevesuk said:
Don't know how easy it is on newer BMWs, but I can disconnect the OBD socket/connector on my E46 from its housing and tuck the wiring up out of the way under the dash really easily (just a few screws to drop the trim panel it sits in).

I guess if you do that, it will confuse whoever is trying to connect their equipment to it to steal your car until the alarm is raised, or they get spooked and give up?

Of course, you'd have to remember to put it back before it was serviced or you needed to do some kind of fault diagnosis :-)
Better yet, tuck the "real" J1962 connector up out of the way, and fit one with the CANH and CANL pins connected to a small 400v capacitor. Anyone plugging in a scan tool will then have their tool permanently "deactivated" !!


(but yes, remember to tell your dealer, or they might be none too pleased with you......... ;-)

AOK

2,297 posts

166 months

Saturday 10th March 2012
Max_Torque said:
Better yet, tuck the "real" J1962 connector up out of the way, and fit one with the CANH and CANL pins connected to a small 400v capacitor. Anyone plugging in a scan tool will then have their tool permanently "deactivated" !!


(but yes, remember to tell your dealer, or they might be none too pleased with you......... ;-)
Although I don't understand what the hell all that meant technically, I get the picture and am absolutely loving the sense of revenge/spite smile

clived

577 posts

240 months

Saturday 10th March 2012
Would using comfort access locking (i.e. not actually pressing the button on the fob, but touching the car instead) protect against this?

anonymous-user

54 months

Saturday 10th March 2012
AOK said:
Max_Torque said:
Better yet, tuck the "real" J1962 connector up out of the way, and fit one with the CANH and CANL pins connected to a small 400v capacitor. Anyone plugging in a scan tool will then have their tool permanently "deactivated" !!


(but yes, remember to tell your dealer, or they might be none too pleased with you......... ;-)
Although I don't understand what the hell all that meant technically, I get the picture and am absolutely loving the sense of revenge/spite smile
The J1962 connector is the technical name for the diagnostic port fitted to all modern cars. It looks like this:




Within that connector are pins for power and ground, and pins on which data is transferred between the car's electronic control units (ECUs) and the "scan tool" (a small handheld device that is used to interrogate the various ECUs).
On a modern car this data is transferred using a standardised Control Area Network system (CAN for short). CAN is a 2 wire differential signalling protocol. In effect it uses the voltage difference between two wires to signify a 1 or a 0. In order for the scan tool to talk on the CAN wires (CAN high, and CAN low) it uses a small solid state transceiver to convert the signals to the correct voltage (typically 8 to 15 volts).

This transceiver will be protected against + or - 40v continuously, and up to 3,000V transiently (to protect against static electricity shocks). But, it can't survive much over 100V for longer than a few milliseconds. So if you used a capacitor charged to say 200 to 400v you could easily cause the transceiver to fail, destroying the thief's method of stealing your car at the same time!


B10BRW

356 posts

221 months

Sunday 11th March 2012
Can the J1962 connector be modified easily, or would an auto electrician have to do it?
I have an E92 and would like to keep it.

TheEnd

15,370 posts

188 months

Sunday 11th March 2012
Easy is subjective.
It isn't that hard to booby trap it, but it's a little extreme.


From what I can tell so far, making sure the car has locked itself covers the problems.

BE57 TOY

2,628 posts

147 months

Sunday 11th March 2012
You could just tuck it up inside the trim and secure a new one in that doesn't lead to anything / capacitor. Probably enough to put them off a quick steal.

eliot

11,428 posts

254 months

Sunday 11th March 2012
Max_Torque said:
This transceiver will be protected against + or - 40v continuously, and up to 3,000V transiently (to protect against static electricity shocks). But, it can't survive much over 100V for longer than a few milliseconds. So if you used a capacitor charged to say 200 to 400v you could easily cause the transceiver to fail, destroying the thief's method of stealing your car at the same time!
How does the cap get charged to 400v though?

anonymous-user

54 months

Sunday 11th March 2012
eliot said:
Max_Torque said:
This transceiver will be protected against + or - 40v continuously, and up to 3,000V transiently (to protect against static electricity shocks). But, it can't survive much over 100V for longer than a few milliseconds. So if you used a capacitor charged to say 200 to 400v you could easily cause the transceiver to fail, destroying the thief's method of stealing your car at the same time!
How does the cap get charged to 400v though?
Small dc-dc should do it, about the size of a 50p because you don't need to charge it quickly, and its self-discharge rate will be in uA



As mentioned, I suspect that simply fitting a "fake" connector that is not connected to anything, or just pushing out one of the CAN pins and zip tying it back to the loom (so their tool powers up normally, but simply can't communicate with the car), would be enough. I can't imagine a thief hanging around with their head stuck in the (dark) footwell trying to sort out the wiring for too long!


I just like the idea of "knobbling" their expensive kit ;-)

0836whimper

975 posts

198 months

Sunday 11th March 2012
A policewoman knocked on the door and warned us about 6 weeks ago, due to the number of new BMWs stolen. They were walking down the street, looking for BMWs and advising putting crook locks on.
Mine's an e46 and I'm not sure she realised it wasn't new enough to be affected with the same issue, but I still put a crook lock on now if it sits on the drive for a while.

Deva Link

26,934 posts

245 months

Sunday 11th March 2012
0836whimper said:
..I still put a crook lock on now if it sits on the drive for a while.
I vividly remember going to the police station with my Dad after his MkII Cortina was nicked (you could open and start it with anything that even looked like a key) and the desk sergeant asked if he'd put the Krook-Lock on and he said "I was only leaving it for a minute".

According to some posters, these BMWs are remaining unlocked due to jammers so that means they're likely to be nicked within a couple of mins of being parked - that time scale is absolutely classic for car theft.

Cheib

23,245 posts

175 months

Tuesday 13th March 2012
Munter said:
Cheib said:
Munter said:
Cheib said:
Just a thought to stop the jamming when you transmit the lock signal. I have Comfort Access on my E70 X5 and always lock my car by swiping my finger on the touch pad on the door handle....I wonder if that makes it harder for the thieves ? Given you need to be standing pretty close to the car for it to work presumably the signal the key emits is not strong enough for it to be "grabbed" ?
Not sure you have grasped the concept. The signal from the key is jammed. E.g. the weaker the signal from the key the more likely it is to be affected by someone jamming its signal. When you swipe how do you know the car is locked?

Now the other option would be that when the key is activated the crims "grab" the code from the signal. (No jamming involved). However the codes change each time the key is used, so they have to figure out what the next code will be.

Easier to just block the key and car from talking and walk up to an open car.
I do understand the concept! When I swipe I know the car is locked because the locks lock and all the electrics turn off....both of which are pretty friggin obvious. I always check.....

Comfort access works by sensing the key is close to the car...so rather than the key transmitting a specific signal the car knows the key is close by and opens the lock when you grasp the handle. Be interesting to know how it works....I can't imagine the key is constantly transmitting as that would run the battery down.....I know the car has aerials built into it to sense the key....but that's pretty much all I do know.
Sorry but you said a weak signal would be harder to grab, in relation to the concept of jamming. A) Jamming does not involve "grabbing" the signal or reading it in any way, shape or form, and B) a weak signal is easier to jam.

On the 2nd item:
Your only feedback to the car locking appears to be similar to those given by many cars. I asked how you know in case it was different. From your description it's not. So we can expect the same problems with cars being left unlocked. People do not seem to realise the lights didn't flash, and the locks didn't go clunk when they press the lock button. You may force yourself to check. (I know I try to). But many people clearly do not. They assume if they press the button it's worked. I see no reason why if people swipe they will not also simply assume it's worked in the same way. The question is how does the car react if you swipe and the signal from the key is jammed? Will it let anybody swipe to lock the car regardless of the key's signal or not?

I would think your key charges from the car, and "listens" constantly for your car's signal. When it's in range it'll transmit its presence back to the car.
The key doesn't charge from the car....it has a standard CR2032 battery which does go flat. So your thoughts are not correct.....

The difference with the comfort access is that I am standing right next to the car so I have much clearer aural feedback than someone pressing the button on their key 20 feet away. So we clearly shouldn't expect the same problems with cars being unlocked.

As I said I don't know how it works but even if the key does transmit a signal it is clearly a very low powered one as the comfort access function does not work unless you are very close to the car for obvious reasons....i.e. it shouldn't work if the keys are hanging on a hook in the hallway.

Munchy

6 posts

145 months

Monday 2nd April 2012
My '55 plate 530d just got nicked in the same way from Edgbaston (Birmingham), I'd had it less than 2 months. I don't think the alarms go off when just the window is smashed, and from what I've heard it's always the driver's window. A friend of a friend's 1 series was taken from the reservoir a couple of days ago. It was found 4 hours later in Merry Hill using its Tracker, completely stripped bare. Just 4 hours.

This is a massive problem in Birmingham, where these guys are actively targeting.. and they are taking them every single day.

At least they were thoughtful enough to fling my jumper onto the floor, from its previous home on my back seat.. it doesn't quite make up for my sister's 23 years no claims though! D'oh..


Billyray911

1,072 posts

204 months

Monday 2nd April 2012
Munchy said:
My '55 plate 530d just got nicked in the same way from Edgbaston (Birmingham), I'd had it less than 2 months. I don't think the alarms go off when just the window is smashed, and from what I've heard it's always the driver's window. A friend of a friend's 1 series was taken from the reservoir a couple of days ago. It was found 4 hours later in Merry Hill using its Tracker, completely stripped bare. Just 4 hours.

This is a massive problem in Birmingham, where these guys are actively targeting.. and they are taking them every single day.

At least they were thoughtful enough to fling my jumper onto the floor, from its previous home on my back seat.. it doesn't quite make up for my sister's 23 years no claims though! D'oh..
Sorry to hear about your car - post the details up, it may not have been stripped yet.
Re the alarm not going off when the window is smashed - a lot of BMW owners are pressing the alarm fob 'lock' button twice. On other vehicles and in the past, this may (have) activate(d) the deadlocks.
However, on the BMW, it deactivates the interior sensors so that you can leave your pets etc. in your vehicle without triggering the alarm.
This therefore means that when the glass is broken, the alarm will not sound.

TheEnd

15,370 posts

188 months

Monday 2nd April 2012
Popping the driver's window is probably so a missing window can be better disguised by leaning your arm out of it.

Back in the old days of car thefts, I remember they always used to smash a small rear quarter light instead.

Maybe there is a Hogwarts for car thieves somewhere.

Nuclear Biscuit

375 posts

201 months

Monday 2nd April 2012
Trying hard to think of a good reason why the OBD interface isn't disabled in the absence of the key...
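
One way a gateway sitting between the OBD port and the ECUs could enforce the idea raised in the post above, given as an added example (not from the thread and not BMW's implementation). The state fields, the alarm threshold and the function name are hypothetical; the 0x7F negative-response layout and the 0x22 "conditions not correct" code follow ISO 14229 (UDS), which the thread itself does not mention.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical view of the car as seen by a gateway behind the OBD port. */
typedef struct {
    bool key_authenticated;  /* an already-paired key has been verified */
    bool alarm_armed;        /* car is locked and armed */
    unsigned refused;        /* refused requests since the last valid key */
    bool alarm_triggered;
} vehicle_state;

typedef enum { GW_FORWARD, GW_REFUSE } gw_verdict;

enum { UDS_NEGATIVE_RESPONSE = 0x7F, NRC_CONDITIONS_NOT_CORRECT = 0x22 };
enum { REFUSALS_BEFORE_ALARM = 3 };  /* assumed threshold */

/* Decide whether a diagnostic request arriving on the OBD port may reach
 * the ECUs. On refusal, resp[3] receives a UDS negative response. */
gw_verdict gateway_filter(vehicle_state *car, const uint8_t *req, size_t len,
                          uint8_t resp[3])
{
    if (req == NULL || len == 0)
        return GW_REFUSE;            /* nothing to answer: drop silently */
    if (car->key_authenticated && !car->alarm_armed) {
        car->refused = 0;            /* owner present: normal diagnostics */
        return GW_FORWARD;
    }
    /* No valid key, or car still armed: reads and writes are both refused,
     * because reading key data is the first step described in the thread. */
    resp[0] = UDS_NEGATIVE_RESPONSE;
    resp[1] = req[0];                /* echo the requested service ID */
    resp[2] = NRC_CONDITIONS_NOT_CORRECT;
    if (++car->refused >= REFUSALS_BEFORE_ALARM)
        car->alarm_triggered = true; /* repeated probing sounds the alarm */
    return GW_REFUSE;
}

int main(void)
{
    vehicle_state parked = { false, true, 0, false };
    const uint8_t read_req[] = { 0x22, 0x12, 0x34 };  /* constructed request */
    uint8_t resp[3] = { 0 };
    for (int i = 0; i < 3; i++)
        gateway_filter(&parked, read_req, sizeof read_req, resp);
    printf("refused=%u alarm=%d resp=%02X %02X %02X\n", parked.refused,
           parked.alarm_triggered, resp[0], resp[1], resp[2]);
    return 0;
}
```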

Munchy

6 posts

145 months

Monday 2nd April 2012
Billyray911 said:
Sorry to hear about your car - post the details up, it may not have been stripped yet.
Re the alarm not going off when the window is smashed - a lot of BMW owners are pressing the alarm fob 'lock' button twice. On other vehicles and in the past, this may (have) activate(d) the deadlocks.
However, on the BMW, it deactivates the interior sensors so that you can leave your pets etc. in your vehicle without triggering the alarm.
This therefore means that when the glass is broken, the alarm will not sound.
Very useful info, it's quite possible that people press it twice just to make sure/deadlock. I wanted to buy another '55 5 series but it would probably just get taken again no matter what security I put on it, they have tools and software for everything.

Car info: PK55 FHR, 530d in Carbon Black


Gutted.