New BMWs getting stolen using blank BMW keys


Steffan

10,362 posts

228 months

Monday 4th June 2012
stuart-b said:
mrmr96 said:
Correct me if I'm wrong here, but this does look a bit like a glaring security flaw. I would have thought that the basics of public/private key encryption would dictate that the car would have a public encryption key to be used daily, but coding a door key would require use of a private key for that car, held securely in Bavaria? All it would require is that the key coding device has a connection to Germany during the coding, and stolen key coders barred from access. An A Level student could come up with more secure architecture than BMW appear to have employed.

Have I got that right or wrong?
I mentioned that in a previous post a while ago - and was told I basically don't know what I'm talking about. I spend most of my day ensuring Internet based systems are secure - but apparently cars work with 'black magic' that's far more complex than a SaaS infrastructure

Someone has screwed up somewhere.
I entirely agree. The modifications being suggested on this thread are well intentioned and may work. But this is a BMW problem pure and simple. They are stonewalling because the owners are not yet being effective in their complaints. It is easier to stonewall than face difficulties.

The affected owners need to find an effective group approach. Serious letters from the likes of Mishcon de Reya, or other London heavyweight lawyers like Herbert Smith or Clifford Chance must be the most effective way.

The mere threat of litigation, against which BMW are going to struggle, ought to bring a change of attitude. I do not think the case would ever need to be heard, just the threat, in circumstances where the lack of security is so clearly the manufacturer's responsibility, ought to suffice.

Surely worth a try? I cannot believe unauthorised alteration to the settings of the electronic systems are the best way forward.

rscott

14,753 posts

191 months

Monday 4th June 2012
NelsonR32 said:
Nope, you are spot on. Mercedes and VW/Audi both have to link up with Germany in order to code a new key and a new key also has to be ordered encoded with the chassis number beforehand.

It beggars belief that a company like BMW could not have seen something like this coming with the process they have.
Great idea, but what's the backup if the server is down or the company does a Rover/ Saab and the servers are no longer available?

Deva Link

26,934 posts

245 months

Monday 4th June 2012
Tea Pot One said:
I don't go to Tesco's for the reasons you mention ... I would not, however, be bothered if I did at the thought of my car being pinched from there as I think it highly unlikely. The stats are showing that a good portion of the thefts are at night and not in busy places. Station car parks are not like a shop where visits are fairly brief.

Most of the people arrested for this are being caught doing it overnight.

FWIW I have and use a disklok on my BMW ... but there is a balance and I still want to be able to enjoy my car without the hassle of constantly using a device of the sort I haven't used in maybe 20 years !!
The hassle would be much less than the embarrassment of telling the Police that you didn't use the disklok as you were only leaving the car for a minute, as my Dad had to when his Cortina got nicked from outside a shop after he hadn't put the Krooklok on.

Tea Pot One

1,847 posts

228 months

Monday 4th June 2012
Deva Link said:
The hassle would be much less than the embarrassment of telling the Police that you didn't use the disklok as you were only leaving the car for a minute, as my Dad had to when his Cortina got nicked from outside a shop after he hadn't put the Krooklok on.
There is a balance ... I am quite happy - given the information I know re these thefts ... to leave the car in a busy Tesco car park during the day ... not that I would put my E92 through that anyway

NelsonR32

1,684 posts

171 months

Monday 4th June 2012
rscott said:
NelsonR32 said:
Nope, you are spot on. Mercedes and VW/Audi both have to link up with Germany in order to code a new key and a new key also has to be ordered encoded with the chassis number beforehand.

It beggars belief that a company like BMW could not have seen something like this coming with the process they have.
Great idea, but what's the backup if the server is down or the company does a Rover/ Saab and the servers are no longer available?
If the server is down then the customer has to come back another day. As with Rover and Saab there will still be a technical/parts division to deal with parts re-orders etc.

Bit premature to

LooneyTunes

6,844 posts

158 months

Tuesday 5th June 2012
BE57 TOY said:
Fair enough. I don't own or use one, but I drive an Audi. I'm looking at a BMW next and I still won't be using one. They are a royal pain in the arse.

I will just put a switch on the OBD and possibly black jax.
Problem is, this probably won't address:

1) Rising insurance premiums (no way they'll discount for a DIY mod); or
2) People having a go at the car before realising they can't take it (leaving you with the hassle of sorting any damage).

Similarly, whilst the advice to park in overlooked locations is sound in theory, it doesn't really address the real world situations people find themselves in. Who, really, is going to plan their daily/social lives around where they can park at their destination?

Only good news is that there's nothing else on the market that I like right now, so currently plan to hang on to the car I've got and spend the cash I would have otherwise spent on another toy.

BE57 TOY

2,628 posts

147 months

Tuesday 5th June 2012
LooneyTunes said:
Problem is, this probably won't address:

1) Rising insurance premiums (no way they'll discount for a DIY mod); or
2) People having a go at the car before realising they can't take it (leaving you with the hassle of sorting any damage).

Similarly, whilst the advice to park in overlooked locations is sound in theory, it doesn't really address the real world situations people find themselves in. Who, really, is going to plan their daily/social lives around where they can park at their destination?

Only good news is that there's nothing else on the market that I like right now, so currently plan to hang on to the car I've got and spend the cash I would have otherwise spent on another toy.
I think it also depends on where you're from.

If you live in E. London / Birmingham / city or bad area then your premium will go up.

I haven't noticed premiums going up around here (middle of a field).

stuart-b

3,643 posts

226 months

Tuesday 5th June 2012
rscott said:
Great idea, but what's the backup if the server is down or the company does a Rover/ Saab and the servers are no longer available?
It's a multi billion pound company, they won't have 'a server' dealing with the entire customer base.

kcooperman

20 posts

144 months

Wednesday 6th June 2012
BE57 TOY said:
I saw a beautiful BMW coupe at Tesco yesterday with a disklok on. It was a very strange sight to see. People outside of PH circles must be clocking on to this now.
If it was Le Mans blue then it was probably mine.

I put it on everywhere I go, it takes 5 seconds to fit so why take the risk?

aussieinlondon

660 posts

219 months

Wednesday 6th June 2012
kcooperman said:
If it was Le Mans blue then it was probably mine.

I put it on everywhere I go, it takes 5 seconds to fit so why take the risk?
Totally agree with you there, I use my disklok in my 1M even while it is parked in my garage, have always used additional hardware and never trusted/relied on an alarm......

Billyray911

1,072 posts

204 months

Wednesday 6th June 2012
aussieinlondon said:
Totally agree with you there, I use my disklok in my 1M even while it is parked in my garage, have always used additional hardware and never trusted/relied on an alarm......
Me too. I never leave my car on the drive - straight into the garage.
I'm currently toying with the idea of a wheel clamp that can be applied in seconds - for when the car is parked up for several hours.
I used to use one on my Impreza and it was fitted within about 5-10 seconds and was as easy as fitting my disklok.
However, this won't fit my staggered 19's.
I found a company that makes them to fit - just thinking about the practical side of it as it is a bit more involved (and secure) than the one I already have!
It's all a p.i.t.a, but I'm prepared to put up with a couple of minutes of inconvenience, rather than my car going AWOL...

aussieinlondon

660 posts

219 months

Wednesday 6th June 2012
A couple of minutes of inconvenience is much better than many weeks and weeks of bull should your car go walkabout.....I am not one for letting the thieving little buggers and scum have an easy job at hand, prefer to make them work hard for it!

Good luck with the wheel clamp.

rscott

14,753 posts

191 months

Wednesday 6th June 2012
NelsonR32 said:
rscott said:
NelsonR32 said:
Nope, you are spot on. Mercedes and VW/Audi both have to link up with Germany in order to code a new key and a new key also has to be ordered encoded with the chassis number beforehand.

It beggars belief that a company like BMW could not have seen something like this coming with the process they have.
Great idea, but what's the backup if the server is down or the company does a Rover/ Saab and the servers are no longer available?
If the server is down then the customer has to come back another day. As with Rover and Saab there will still be a technical/parts division to deal with parts re-orders etc.

Bit premature to
Er, not if you had a Saab in Germany a couple of months ago - their dealers were reporting they had no access to the online systems for most of a week.

rscott

14,753 posts

191 months

Wednesday 6th June 2012
stuart-b said:
rscott said:
Great idea, but what's the backup if the server is down or the company does a Rover/ Saab and the servers are no longer available?
It's a multi billion pound company, they won't have 'a server' dealing with the entire customer base.
Just said server for convenience. It's obvious they'll hopefully have a couple of server farms at different locations.

It's still dependent on the whole chain working - diagnostic equipment, dealer's IT infrastructure/ communications link, etc.

mrmr96

13,736 posts

204 months

Wednesday 6th June 2012
rscott said:
It's still dependent on the whole chain working - diagnostic equipment, dealer's IT infrastructure/ communications link, etc.
Yes, this is what keeps things secure - as there has to be the link to get the keys made. I'd imagine over 99% of owners would be happy to put up with this "restriction" on getting a new key (as they probably lost the old one, so they've been a numpty already) if it means the keys can't be made by any tom/dick/harry with the right box of tricks.
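
The arrangement mrmr96 and NelsonR32 describe in this thread (the car holds only a public key, coding a new key needs a live authorisation from the manufacturer, and stolen coders are barred) can be sketched as below. This is an added example, not part of any post and not any manufacturer's actual protocol; Ed25519, the VIN, and the fob and tool names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Car holds only the maker's PUBLIC key: nothing read out of it can sign for a new fob.
type Car struct {
	VIN     string
	MakerPK ed25519.PublicKey
	Fobs    map[string]bool // enrolled fob IDs
	nonce   []byte          // outstanding one-time challenge
}

// NewDemo returns a constructed car and the maker's private key (hypothetical values).
func NewDemo() (*Car, ed25519.PrivateKey) {
	pk, sk, _ := ed25519.GenerateKey(rand.Reader) // error ignored for brevity in this sketch
	return &Car{VIN: "WBA-CONSTRUCTED-0001", MakerPK: pk, Fobs: map[string]bool{}}, sk
}

// BeginEnroll issues a fresh challenge that the backend must sign.
func (c *Car) BeginEnroll() []byte {
	c.nonce = make([]byte, 16)
	rand.Read(c.nonce)
	return c.nonce
}

// msg binds the signature to one car, one fob and one challenge.
func msg(vin, fob string, nonce []byte) []byte {
	return append([]byte(vin+"\x00"+fob+"\x00"), nonce...)
}

// Authorise is the maker's backend: barred tools get nothing, others a signature.
func Authorise(sk ed25519.PrivateKey, barred map[string]bool, tool, vin, fob string, nonce []byte) ([]byte, bool) {
	if barred[tool] {
		return nil, false
	}
	return ed25519.Sign(sk, msg(vin, fob, nonce)), true
}

// FinishEnroll adds the fob only if sig covers this VIN, this fob and the live nonce.
func (c *Car) FinishEnroll(fob string, sig []byte) bool {
	defer func() { c.nonce = nil }() // a challenge is single-use
	ok := c.nonce != nil && ed25519.Verify(c.MakerPK, msg(c.VIN, fob, c.nonce), sig)
	if ok {
		c.Fobs[fob] = true
	}
	return ok
}

func main() {
	car, sk := NewDemo()
	sig, _ := Authorise(sk, nil, "tool-dealer", car.VIN, "fob-2", car.BeginEnroll())
	fmt.Println(car.FinishEnroll("fob-2", sig), car.FinishEnroll("fob-3", sig)) // true false
}
```

The availability concern rscott raises applies directly: if `Authorise` cannot be reached, no fob can be enrolled until the link is back.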

swamp

994 posts

189 months

Wednesday 6th June 2012
rscott said:
Just said server for convenience. It's obvious they'll hopefully have a couple of server farms at different locations.

It's still dependent on the whole chain working - diagnostic equipment, dealer's IT infrastructure/ communications link, etc.
yes Audi once told me to come back another day for my new spare key because their "link to Germany" was down.

They also mentioned the coding was done over a modem (and not the Internet). This makes a lot of sense because sending data over private phone lines is generally considered more secure than the public Internet. No doubt the link would be encrypted too.

JulietRomeo

213 posts

147 months

Wednesday 6th June 2012
320d msport renewal in east London paid today - £777. Same as last year, with the blurb being that premiums had risen but my jump from 5 to 6 yrs of no claims covered the rise and so overall my premium was flat. Conveniently it was £2 better than the cheapest I could find online so I think my broker is just undercutting the cheapest quote he can find on my behalf. (Admiral 779).

trashbat

6,006 posts

153 months

Wednesday 6th June 2012
swamp said:
This makes a lot of sense because sending data over private phone lines is generally considered more secure than the public Internet.
Nonsense! Probably just old kit.

ArsE92

21,013 posts

187 months

Wednesday 6th June 2012
JulietRomeo said:
320d msport renewal in east London paid today - £777. Same as last year, with the blurb being that premiums had risen but my jump from 5 to 6 yrs of no claims covered the rise and so overall my premium was flat. Conveniently it was £2 better than the cheapest I could find online so I think my broker is just undercutting the cheapest quote he can find on my behalf. (Admiral 779).
Good news. My renewal in April hadn't changed either. 335i in north Cheshire/Lancs.

r999

78 posts

154 months

Wednesday 6th June 2012
swamp said:
sending data over private phone lines is generally considered more secure than the public Internet.
Where do you get a private phone line to Germany? Lay it across the North Sea yourself? No, it's just old kit they were referring to.