RE: Video: Key fob reprogrammers steal BMW in 3 mins
Discussion
TallbutBuxomly said:
Zyp said:
How does the key fob start the engine without being in the slot?
Mine doesn't.
It goes in the slot and starts the engine once the car is off the drive and away from the house so that the owner does not get woken up and disturb them.Mine doesn't.
They simply create a new key disarm the cars alarm then push it down the road before starting it and buggering off into the night.
It says that these new fangled keys can start the car without being in the port, hence easier to steal.
Zyp said:
I know, I was just questioning the article.
It says that these new fangled keys can start the car without being in the port, hence easier to steal.
I realised that once I read the article. I keep forgetting how piss poor dailywail are at accuracy or grammar or anything really.It says that these new fangled keys can start the car without being in the port, hence easier to steal.
Out of curiosity just went out to my 01 reg audi a4 and opened all windows then activated the alarm.
Then tried putting my arm down the inside of driver side door and it was a bit hit and miss. I would say 1 in 3 maybe 1 in 4 times it would pick up and set off the alarm.
I would think that by now bmw's systems would be good enough to get a 1 on 1 hit rate in the same test.
Then tried putting my arm down the inside of driver side door and it was a bit hit and miss. I would say 1 in 3 maybe 1 in 4 times it would pick up and set off the alarm.
I would think that by now bmw's systems would be good enough to get a 1 on 1 hit rate in the same test.
bertie said:
Passive entry is an optional extra, allaws you to just have the keys on you and they authorise.
Yes, but that article seems to imply that the only ones stolen are those that have that feature.'....The devices can be made for just £70, and the increasing popularity of remote 'fob' keys - which turn on the car's engine without being put into the ignition port - has led to the new crime trend....'
Steffan said:
0a said:
Well spotted and posted Da. Now I do believe that, the press are starting to pick up on this. Excellent news, I think BMW are going to have to admit the problem and face the music.
Excellent news for the owners, I am only sorry it has taken this long.
carinaman said:
Nice to see the Daily Mail reprint the BMW 'It's the EU's fault' shoulder slope.
Quite. It seems that once again bmw have decided that sticking their head in the sand and ignoring the problem will make it go away.My one hope is that bmw are working behind the scenes to find a solution to the problem.
If honest I would have said the simplest and best option would be for bmw to order an optional recall to all cars affected and then move the obd port as that would if I understand rightly within eu rules.
It would cost them nothing more than half an hr for a bmw tech to do so and overall cost to bmw pr and so on would be very small compared to the lost sales they will incur from this becoming an ever bigger story.
I'm not defending BMW here, but whilst it may be BMW's that are seemly being targeted for this type of theft, as the article on here stated, there are other manufacturers that are vulnerable.
It's not just BMW that are working for a resolution to this problem, the MET, Thatcham and a number of manufacturers are all working together
In a way, I feel sorry for BMW, as they are the ones that are having the finger pointed at them, primarily because they make nice cars that are easily moved on/are desireable/valuable - at the end of the day, the only people that should be blamed are the dirty f
king scumbags that are stealing them, and a penal system that allows them to get off with a slap on the wrists when they get caught
It's not just BMW that are working for a resolution to this problem, the MET, Thatcham and a number of manufacturers are all working together
In a way, I feel sorry for BMW, as they are the ones that are having the finger pointed at them, primarily because they make nice cars that are easily moved on/are desireable/valuable - at the end of the day, the only people that should be blamed are the dirty f
king scumbags that are stealing them, and a penal system that allows them to get off with a slap on the wrists when they get caughtTrouble is PH ran the same fed line, so a comparison to be made there between the Mail and PH editorial perhaps.
The good thing is the discussion here has determined it to be utter codswallop. BMW mess up allowing their cars to be this insecure in the first place and then compound it with this 'It's the EU's fault' claptrap.
Surely BMW realise that insulting the intelligence of the public isn't the best of ideas? I'm not sure people like it when governments, politicians, bankers and airlines do it so what makes them think the public will like it when they do it?
I'm sure some business courses, public sector training and customer service courses preach that you should admit when you've got it wrong and work to rectify the problem. 'It's the EU' seems like side stepping the issue and spreading the blame. I find it difficult not to file it next to the inane 'Joy' adverts.
They've not lost me as a customer but it's taken the shine of the brand to me.
The good thing is the discussion here has determined it to be utter codswallop. BMW mess up allowing their cars to be this insecure in the first place and then compound it with this 'It's the EU's fault' claptrap.
Surely BMW realise that insulting the intelligence of the public isn't the best of ideas? I'm not sure people like it when governments, politicians, bankers and airlines do it so what makes them think the public will like it when they do it?
I'm sure some business courses, public sector training and customer service courses preach that you should admit when you've got it wrong and work to rectify the problem. 'It's the EU' seems like side stepping the issue and spreading the blame. I find it difficult not to file it next to the inane 'Joy' adverts.
They've not lost me as a customer but it's taken the shine of the brand to me.
carinaman said:
Trouble is PH ran the same fed line, so a comparison to be made there between the Mail and PH editorial perhaps.
The good thing is the discussion here has determined it to be utter codswallop. BMW mess up allowing their cars to be this insecure in the first place and then compound it with this 'It's the EU's fault' claptrap.
Surely BMW realise that insulting the intelligence of the public isn't the best of ideas? I'm not sure people like it when governments, politicians, bankers and airlines do it so what makes them think the public will like it when they do it?
I'm sure some business courses, public sector training and customer service courses preach that you should admit when you've got it wrong and work to rectify the problem. 'It's the EU' seems like side stepping the issue and spreading the blame. I find it difficult not to file it next to the inane 'Joy' adverts.
They've not lost me as a customer but it's taken the shine of the brand to me.
Sadly imho its Because of modern business courses that bmw and other companies react so badly.The good thing is the discussion here has determined it to be utter codswallop. BMW mess up allowing their cars to be this insecure in the first place and then compound it with this 'It's the EU's fault' claptrap.
Surely BMW realise that insulting the intelligence of the public isn't the best of ideas? I'm not sure people like it when governments, politicians, bankers and airlines do it so what makes them think the public will like it when they do it?
I'm sure some business courses, public sector training and customer service courses preach that you should admit when you've got it wrong and work to rectify the problem. 'It's the EU' seems like side stepping the issue and spreading the blame. I find it difficult not to file it next to the inane 'Joy' adverts.
They've not lost me as a customer but it's taken the shine of the brand to me.
Superhoop, I don't agree. If you look at the back of your mobile device of choice, or your home or work PC you'll see various connectors on the back.
They've positioned that physical port there, they've allowed that port to be live and accessible when the alarm is set and they've allowed the car to program a blank key without the presence of an actual key. I think they've allowed too many faetures of dubious benefit to be accessible when they shouldn't or make the wrong choice when it comes to weighing up convenience versus security.
I've made the point previously in this thread but your company or employer can pay as much as they like to have their computers and networks secured or managed internally or by an outside provider but if a MoP can wander into your premises by tailgating an employee or under the guise of delivering some business parcel or document or pizza and they can get physical access to the network socket on the wall then they're in, they've found a way to get onto your network.
Cars now have networks. There's an insecure port that allows you to physically move the car and program a new key for it. They could advertise that nicked car with a full set of keys just by programming more fobs with it.
It almost like the Google Streetview cars sniffing everyone's home WiFi traffic.
Also, there's a string 'em up thread here:
http://www.pistonheads.com/gassing/topic.asp?h=0&a...
I don't want to appear rude or bossy, but this thread seems to have stayed largely on course and discussed the way the cars were pinched and the technical methods and the other grew into a law and order and retribution and rehabilitation one.
Perhaps BMW were thinking 0-60, Gs, CoG but not thinking networks and security?
They've positioned that physical port there, they've allowed that port to be live and accessible when the alarm is set and they've allowed the car to program a blank key without the presence of an actual key. I think they've allowed too many faetures of dubious benefit to be accessible when they shouldn't or make the wrong choice when it comes to weighing up convenience versus security.
I've made the point previously in this thread but your company or employer can pay as much as they like to have their computers and networks secured or managed internally or by an outside provider but if a MoP can wander into your premises by tailgating an employee or under the guise of delivering some business parcel or document or pizza and they can get physical access to the network socket on the wall then they're in, they've found a way to get onto your network.
Cars now have networks. There's an insecure port that allows you to physically move the car and program a new key for it. They could advertise that nicked car with a full set of keys just by programming more fobs with it.
It almost like the Google Streetview cars sniffing everyone's home WiFi traffic.
Also, there's a string 'em up thread here:
http://www.pistonheads.com/gassing/topic.asp?h=0&a...
I don't want to appear rude or bossy, but this thread seems to have stayed largely on course and discussed the way the cars were pinched and the technical methods and the other grew into a law and order and retribution and rehabilitation one.
Perhaps BMW were thinking 0-60, Gs, CoG but not thinking networks and security?
Edited by carinaman on Friday 6th July 22:17
I've said it a few times before on this thread, but the mistake here is allowing new keys to be added via ODB.
It's done for ease of vehicle production so keys can be quickly and easily programmed to vehicles but it's a security hole.
Plenty of other systems out there you can't add keys via ODB and you have to have a currently authorised key present to add a new one.
It's not a new issue, been well known in the industry for years.
It's done for ease of vehicle production so keys can be quickly and easily programmed to vehicles but it's a security hole.
Plenty of other systems out there you can't add keys via ODB and you have to have a currently authorised key present to add a new one.
It's not a new issue, been well known in the industry for years.
bertie said:
Plenty of other systems out there you can't add keys via ODB and you have to have a currently authorised key present to add a new key.
Sorry, but disagree with this - most manufacturers systems now require the use of the OBDII port to program keys, and most don't need an existing key - if they did, losing both keys would cost the owner £000's due to the nature of key ID storage within the vehicle systems. Other manufacturers might need a secondary form of access to complete the process, but they still use the OBDII portI don't know how BMW dealers code a key, although I do know that BMW can supply a key already coded to operate - the problem is, thieves have found a way to cheat the system.
Like I said in my last post, this is an industry wide problem, it's not isolated to just keyless entry systems and it's not just BMW working on a solution. Thatcham are definitely involved, and it's Thatcham that sign these systems off as secure.
BMW seem to be the biggest target, and no doubt there are things that are making it easier for the car thieves with OBDII port location etc, but part of the reason for them being a target is desirability
As I also said in a much earlier post, as and when a solution is found, the thefts won't stop, the scum that are taking them will just go back to removing your back door to gain access to your house, to gain access to your keys just like they have been doing for the last few years - and if someone wants my car, I'd rather them take it without the need for any interaction with either me or my family to do so.
SuperHoop, it all adds to the debate. 
Stealing cars isn't new is it? Stealing cars that are particularly sought after or fast isn't new either is it? Cage's and Vinny's Gone in 60 seconds was a remake.
Therefore shouldn't stuff like 1Ms be more secure? You don't buy McAfee HomePC Secure 1 user licence if you're running a bank do you?
Is this system less secure than previous solutions that didn't involve any electronics or OBD?
The argument that you'd rather have someone just take the car than have them enter your dwelling via a door or window to get the keys seems like a bit of an excuse really. The 1M was not intentionally made that insecure for that reason was it?
I don't get the BMW sympathy:
1. BMWs have been desireable and stolen for several decades now.
2. It's a well known problem within the industry.
3. They've not sorted it.
4. They've pointed at the EU with an almost 'Not our fault guv' shrug.
5. They've sold customers cars that are insecure.
6. They've made it easy for criminals to steal them.
7. The 300 BMWs pinched that way will mean we'll be paying for it via our insurance.
'The BMW 1M - as nickable as a Cortina'.
Stealing cars isn't new is it? Stealing cars that are particularly sought after or fast isn't new either is it? Cage's and Vinny's Gone in 60 seconds was a remake.
Therefore shouldn't stuff like 1Ms be more secure? You don't buy McAfee HomePC Secure 1 user licence if you're running a bank do you?
Is this system less secure than previous solutions that didn't involve any electronics or OBD?
The argument that you'd rather have someone just take the car than have them enter your dwelling via a door or window to get the keys seems like a bit of an excuse really. The 1M was not intentionally made that insecure for that reason was it?
I don't get the BMW sympathy:
1. BMWs have been desireable and stolen for several decades now.
2. It's a well known problem within the industry.
3. They've not sorted it.
4. They've pointed at the EU with an almost 'Not our fault guv' shrug.
5. They've sold customers cars that are insecure.
6. They've made it easy for criminals to steal them.
7. The 300 BMWs pinched that way will mean we'll be paying for it via our insurance.
'The BMW 1M - as nickable as a Cortina'.
Edited by carinaman on Friday 6th July 23:22
carinaman said:
SuperHoop, it all adds to the debate
The argument that you'd rather have someone just take the car than have them enter your dwelling via a door or window to get the keys seems like a bit of an excuse really.
'.
No excuse, I wouldn't care if I owned a 1M or a Veyron - whether you share my point of view or not, a car, and I mean ANY car is just that, a car, and in some way, shape or form, they can be replaced - my wife and daughter can'tThe argument that you'd rather have someone just take the car than have them enter your dwelling via a door or window to get the keys seems like a bit of an excuse really.
'.
Superhoop said:
No excuse, I wouldn't care if I owned a 1M or a Veyron - whether you share my point of view or not, a car, and I mean ANY car is just that, a car, and in some way, shape or form, they can be replaced - my wife and daughter can't
Do you leave your keys in the ignition then? Obviously not, but then neither do the car owners who's car is nicked after the house has been broken into for he keys - which was my point...
It's just a car, and ultimately car theft makes unscrupulous scum lots of money, and if they want it, they'll take it, by what ever means
As I keep saying, once this hole in vehicle Security is fixed, it'll be back to taking the keys - until they work out how to beat the next system
It's just a car, and ultimately car theft makes unscrupulous scum lots of money, and if they want it, they'll take it, by what ever means
As I keep saying, once this hole in vehicle Security is fixed, it'll be back to taking the keys - until they work out how to beat the next system
Edited by Superhoop on Friday 6th July 23:52
Gassing Station | General Gassing | Top of Page | What's New | My Stuff