RE: Video: Key fob reprogrammers steal BMW in 3 mins
Discussion
Scuffers said:
Proper solution would be for the CAS to be encrypted and need a VIN-related one-time passcode to access that has to be sourced from BMW every time access is required, yes, this will slow down genuine new key programming, but so what if it takes a few minutes to send an email round BMW?
better than loosing your car in <10 sec's.
No! - don't link this back to BMW; a new key would cost thousands. Independent garages should still be able to do this sort of thing. Either physically protect the ODB2 port with a key, or make the process of programming a new key more time consuming & noisy. If legitimately programming a key triggers a the horn for five seconds and then takes 30 minutes to complete the programming process, then it couldn't be used in this way.better than loosing your car in <10 sec's.
Jakdaw said:
Scuffers said:
Proper solution would be for the CAS to be encrypted and need a VIN-related one-time passcode to access that has to be sourced from BMW every time access is required, yes, this will slow down genuine new key programming, but so what if it takes a few minutes to send an email round BMW?
better than loosing your car in <10 sec's.
No! - don't link this back to BMW; a new key would cost thousands. Independent garages should still be able to do this sort of thing. Either physically protect the ODB2 port with a key, or make the process of programming a new key more time consuming & noisy. If legitimately programming a key triggers a the horn for five seconds and then takes 30 minutes to complete the programming process, then it couldn't be used in this way.better than loosing your car in <10 sec's.
yes, it would slow the process down a bit (no bad thing) but so what?
how is this any different from the Dealer having to re-flash the ECU for example.
mrmr96 said:
Guvernator said:
Surely fixing this should be a case of a simple software recode which removes the key re-programme feature from being accessed through the obd? Voila problem solved.
So when I lose my key, how do I get a new one made?Other businesses have been doing this to give people remote access to their secure systems and data for years. The ability to secure computer systems from this kind of stuff has been available for years. It's time these allegedly leading edge automotive manufacturers came out of the dark ages and wisend up to this kind of stuff.
It's no good boasting that the latest 7 series BMW has more computing power than was used to fly to the Moon if they aren't doing enough to secure those computers in your car. The fact that some neandrethal can "hack" it in less than a minute says all you need to know about how seriously they have thought about it.
Guvernator said:
Easy, only a BMW dealer can re-activate the feature and they can only do it by getting a one time authorisation code from BMW central so that all such requests are logged and authorised.
Other businesses have been doing this to give people remote access to their secure systems and data for years. The ability to secure computer systems from this kind of stuff has been available for years. It's time these allegedly leading edge automotive manufacturers came out of the dark ages and wisend up to this kind of stuff.
It's no good boasting that the latest 7 series BMW has more computing power than was used to fly to the Moon if they aren't doing enough to secure those computers in your car. The fact that some neandrethal can "hack" it in less than a minute says all you need to know about how seriously they have thought about it.
exactly....Other businesses have been doing this to give people remote access to their secure systems and data for years. The ability to secure computer systems from this kind of stuff has been available for years. It's time these allegedly leading edge automotive manufacturers came out of the dark ages and wisend up to this kind of stuff.
It's no good boasting that the latest 7 series BMW has more computing power than was used to fly to the Moon if they aren't doing enough to secure those computers in your car. The fact that some neandrethal can "hack" it in less than a minute says all you need to know about how seriously they have thought about it.
Guvernator said:
mrmr96 said:
Guvernator said:
Surely fixing this should be a case of a simple software recode which removes the key re-programme feature from being accessed through the obd? Voila problem solved.
So when I lose my key, how do I get a new one made?However I think this might be against the competition rules, which say that the ODB port has to be available to Independents.
So it's a bit of a conundrum, unless you were to make the independents ALSO have to contact BMW head office when they want to make keys? It would at least retain some central control.
robinessex said:
IF anyone should decide to buy a new BMW in the future, have a TOTALLY independent tracker working via mobile phone activation fitted. But you'll only buy if BMW pay for it!!
Which pre-supposes that you would want the car back after it has been ragged at the ragged edge, probably sh*t in, and is worth 50 per cent less as it is now logged as 'stolen recovered'.hman said:
Proof required please - I've heard too many bulls
t stories about this sort of thing.
Also I dont see this team holding a can of compressed air and a hammer.
And I cant see them taking 2-3 minutes smacking the st out of the lock on the driveway making and enormous racket.
These locks are designed to deter and extend the amount of time taken to steal a vehicle - therefore putting the thief off.
and for the guy that says " they just hacksaw them off " - have you ever tried to hacksaw a steering wheel? - it takes a fair while and you have to potentially do it in two places !!!!
I'm glad that you're not disputing the removal of the wire from the OBD port though eh
Guessing they do something like this: http://www.youtube.com/watch?v=NGU8CkOG9a8t stories about this sort of thing.Also I dont see this team holding a can of compressed air and a hammer.
And I cant see them taking 2-3 minutes smacking the s
t out of the lock on the driveway making and enormous racket.These locks are designed to deter and extend the amount of time taken to steal a vehicle - therefore putting the thief off.
and for the guy that says " they just hacksaw them off " - have you ever tried to hacksaw a steering wheel? - it takes a fair while and you have to potentially do it in two places !!!!
I'm glad that you're not disputing the removal of the wire from the OBD port though eh
Spray on concentrated area, hammer a screwdriver down the middle and it would probably go poof?! Shouldn't take long and wouldn't make much noise either.
Froomee said:
carinaman said:
Good to see this on the home page Riggers. 
Proper journalism/reporting. I'd have PH metered this at 9 or 10.
I was just about to add this very statement. AN honest and well written peice that will hopefully influence the industry for the better Proper journalism/reporting. I'd have PH metered this at 9 or 10.
thewheelman said:
I'd love those s to try taking a car from my place. I'd enjoy beating the piss out of them........... I have no time for thieving bds like that.
If you had advance warning when they were coming and could get a few handy friends around you probably would beat the piss out of them.s to try taking a car from my place. I'd enjoy beating the piss out of them........... I have no time for thieving bds like that.in real life:
1. There would be three or four of them and you would be alone
2. You probably wouldn't hear them
3. It will be in the middle of the night when you are semi-naked and half asleep
4. They'll probably have an offensive weapon and be primed with adrenaline to use it
5. If you beat the piss out of them Plod would arrest you (probably)
We live in a s
tty world/countryAdd the feature previously mentioned, "if alarm is armed and an OBD connection is made then the alarm sounds". Additionally I would add an OBD block in this case, so that the OBD connection fails and "locks out " until the car's keyfob is in the ignition (or put in the slot).
And/Or.. How about that the car's keyfob MUST be in the ignition (or put in the slot) for an OBD connection to be allowed. If not the alarm sounds and OBD connection fails.
Or.. have a master key (coloured red), so that the OBD can not be used period. And then the car's master keyfob MUST be in the ignition (or put in the slot) for an OBD connection to be allowed. (i think fiat did sometyhing similar to this in the past, but i'm not sure).
Or.. do a citreon and put a small keypad in the car, with a four digit pin that is asked for when something is plugged into the OBD. If it's not entered, then only allow basic OBC operations, if it is then gain full OBD access.
Or... well, there's loads of variations one could use. But i'm a little surprised by how easily this system can be compromised.
P.S.
The only stop on all this is that if the owner has lost all the original keys/car id cards etc. This can happen as the car changes owners and only one key remains, or if there's a house fire or something nasty.
Scuffers said:
Guvernator said:
Easy, only a BMW dealer can re-activate the feature and they can only do it by getting a one time authorisation code from BMW central so that all such requests are logged and authorised.
Other businesses have been doing this to give people remote access to their secure systems and data for years. The ability to secure computer systems from this kind of stuff has been available for years. It's time these allegedly leading edge automotive manufacturers came out of the dark ages and wisend up to this kind of stuff.
It's no good boasting that the latest 7 series BMW has more computing power than was used to fly to the Moon if they aren't doing enough to secure those computers in your car. The fact that some neandrethal can "hack" it in less than a minute says all you need to know about how seriously they have thought about it.
exactly....Other businesses have been doing this to give people remote access to their secure systems and data for years. The ability to secure computer systems from this kind of stuff has been available for years. It's time these allegedly leading edge automotive manufacturers came out of the dark ages and wisend up to this kind of stuff.
It's no good boasting that the latest 7 series BMW has more computing power than was used to fly to the Moon if they aren't doing enough to secure those computers in your car. The fact that some neandrethal can "hack" it in less than a minute says all you need to know about how seriously they have thought about it.
What manuafactures should be doing is shipping each car with a unique programmable key for the ignition so that a new fob cant be re-programmed from the fob without the unqiue key. When you buy the car you get a key (it could even be positioned somewhere like the boot and only opened with the key) and BMW also get to keep a copy of the key via a system that logs all access.
So your independent garage can use it (if they should ever need to re-programme a key for you) or your BMW garage can us it.
The only problem is that either method allows either the original owner or a dodgy garage to keep a copy of the key so maybe BMW need another method of allowing the owner to apply a new key for the module which is registered at BMW (and the key supplied to the owner).
Gassing Station | General Gassing | Top of Page | What's New | My Stuff