RE: Video: Key fob reprogrammers steal BMW in 3 mins

RE: Video: Key fob reprogrammers steal BMW in 3 mins

Author
Discussion

Scuffers

20,887 posts

273 months

Saturday 7th July 2012
quotequote all
Superhoop said:
Sorry, but disagree with this - most manufacturers systems now require the use of the OBDII port to program keys, and most don't need an existing key - if they did, losing both keys would cost the owner £000's due to the nature of key ID storage within the vehicle systems. Other manufacturers might need a secondary form of access to complete the process, but they still use the OBDII port
just to add to this...

the problem here is not the use of the OBD port per say, it's the total lack of security involved in being able to programme and enable a new key.

the issues are:

1) you can break into the car to access the OBD port without the alarm going off.
2) the CAS unit is not secure, ie. no encryption of anything to access it.

now, you can argue all you like that this is because of the evils of OBD or the ability of BMW to provide new keys, but both arguments are bogus.

OBD access for diagnostics has F*** all to do with access to the CAS unit (is it even on the same CAN bus? - just because it's also presented on the same OBD socket does not mean it's on the same pins/CAN as the ECU)

Also, if access to the CAS was properly encrypted (as in one time passcodes etc), then it would not be (practicably) possible to do this without access to BMW - if you think about it, a well setup system it would be possible for the legitimate owner to ask for a one time pass-key for ANO garage to add a key and still not compromise the basic security.

Long and short of this is that BMW have screwed up, not thought though the security of the CAS unit itself, and what they have now is a HUGE hole in it (funny when you consider how much trouble they went to with the communications from the CAS unit to the ECU only to leave the CAS unit wide open!)

Edited by Scuffers on Saturday 7th July 09:00

bertie

8,545 posts

283 months

Saturday 7th July 2012
quotequote all
Superhoop said:
Sorry, but disagree with this - most manufacturers systems now require the use of the OBDII port to program keys, and most don't need an existing key - if they did, losing both keys would cost the owner £000's due to the nature of key ID storage within the vehicle systems. Other manufacturers might need a secondary form of access to complete the process, but they still use the OBDII port

I don't know how BMW dealers code a key, although I do know that BMW can supply a key already coded to operate - the problem is, thieves have found a way to cheat the system.

Like I said in my last post, this is an industry wide problem, it's not isolated to just keyless entry systems and it's not just BMW working on a solution. Thatcham are definitely involved, and it's Thatcham that sign these systems off as secure.

BMW seem to be the biggest target, and no doubt there are things that are making it easier for the car thieves with OBDII port location etc, but part of the reason for them being a target is desirability

As I also said in a much earlier post, as and when a solution is found, the thefts won't stop, the scum that are taking them will just go back to removing your back door to gain access to your house, to gain access to your keys just like they have been doing for the last few years - and if someone wants my car, I'd rather them take it without the need for any interaction with either me or my family to do so.
What I'm saying is that it's a known weak spot to allow key adding via ODB but it eases production.
So it's a calculated risk which some manufacturers take, and some don't.

The company I work for make body control systems and security systems and keys and we would never allow programming via ODB.

tercelgold

969 posts

156 months

Saturday 7th July 2012
quotequote all
Superhoop said:
I'm not defending BMW here, but whilst it may be BMW's that are seemly being targeted for this type of theft, as the article on here stated, there are other manufacturers that are vulnerable.

It's not just BMW that are working for a resolution to this problem, the MET, Thatcham and a number of manufacturers are all working together

In a way, I feel sorry for BMW, as they are the ones that are having the finger pointed at them, primarily because they make nice cars that are easily moved on/are desireable/valuable - at the end of the day, the only people that should be blamed are the dirty fking scumbags that are stealing them, and a penal system that allows them to get off with a slap on the wrists when they get caught
They cracked the EWS4 key which is a unique problem for BMW, also affects RR Phantom I think (looking at the manual online).

EWS4 Secret Key (new 128-bit synchronization with engine control unit).
BMW documentation “says” that noone can read or write it, but we can do it
through OBD-II socket! Surprise!

Pique

1,158 posts

206 months

Saturday 7th July 2012
quotequote all
Haven't read back to see if this has been posted but the video has reached Jalopnik:

http://jalopnik.com/5923802/watch-hackers-steal-a-...

MElliottUK

830 posts

211 months

Saturday 7th July 2012
quotequote all
I think for a VAG car you have to take your V5 into the garage and the ID key is sent via head office in Germany. (even the garage cannot see the ID)

Why don't they do something similar to this?

Does the new M135I suffer from this problem?

H0ndaT7peR

7 posts

158 months

Sunday 8th July 2012
quotequote all
After my car was stolen my immediate response was to call the police and they'll use the CCTV cameras all over London that are used to catch speeders, people who park on bus stops, drive in bus lanes and other such violations to track the car and hopefully apprehend those involved. After numerous phone calls to the police I managed to find out who the investigating department and officer was. I managed to briefly speak with him and he basically said i'll be lucky to get the car back but they are investigating the case. A couple of weeks passed so I phoned him again but he was on annual leave, his colleague informed me that the case was closed...thanks for letting me know!
At the end of the day its only a car, no one was hurt and I managed to get my money back through my insurance.
The problem is that insurance premiums will be affected, not only for those directly involved but also for those living in the same postcode, with the same or similar car and any other loosely related excuse to increase premiums. I'm sure many people will have seen their insurance premiums either go up or stay the same despite earning another years worth of no claims bonus?
Hypothetically speaking, say if I had woken up and seen them attempting to steal my car, then pop outside and batter one of them with a baseball bat? I would probably go inside for longer than them...the whole thing is a bloody joke!



Mister3man

280 posts

146 months

Sunday 8th July 2012
quotequote all
I work on a particular brand of HGVs.

When I programme keys you need to have an online connection to the plant in Germany to obtain the correct 'passcode', otherwise it won't work.

Brilliant idea because:

A: you can't steal them
B: the manufacturer knows exactly who/what/where the keys were programmed.

So for BMW to do this, I would imagine all that would be required is a software update to prevent keys being programmed without an online connection to the plant.

Scuffers

20,887 posts

273 months

Sunday 8th July 2012
quotequote all
Exactly, its hardly rocket science is it?

Steffan

10,362 posts

227 months

Sunday 8th July 2012
quotequote all
Scuffers said:
Exactly, its hardly rocket science is it?
No, and in consequence I do wonder whether the fix is that simple for BMW. I am not saying that, it is not. But if it is literally that simple, then I would have thought, BMW would have adopted it, immediately and trumpeted their huge success at preventing the criminal masterminds from pinching the cars. From the roof tops, so that all the affected owners realise how well BMW have done in solving this difficulty.

BMW, have steadfastly refused to admit or recognise any need for change. BMW are many things, but they are not stupid. Therefore I have my doubts ,if it can be that simple. Time surely, will tell.

TallbutBuxomly

12,254 posts

215 months

Sunday 8th July 2012
quotequote all
Steffan said:
No, and in consequence I do wonder whether the fix is that simple for BMW. I am not saying that, it is not. But if it is literally that simple, then I would have thought, BMW would have adopted it, immediately and trumpeted their huge success at preventing the criminal masterminds from pinching the cars. From the roof tops, so that all the affected owners realise how well BMW have done in solving this difficulty.

BMW, have steadfastly refused to admit or recognise any need for change. BMW are many things, but they are not stupid. Therefore I have my doubts ,if it can be that simple. Time surely, will tell.
BMW had a problem with their alloy wheels being too soft and cracking far too easily. Their response to that was the same as this, to claim it was nothing to do with their wheels they conform to all standards etc and only when the press and in particular watchdog got involved did they capitulate and accept there was an issue.

Steffan

10,362 posts

227 months

Sunday 8th July 2012
quotequote all
TallbutBuxomly said:
Steffan said:
No, and in consequence I do wonder whether the fix is that simple for BMW. I am not saying that, it is not. But if it is literally that simple, then I would have thought, BMW would have adopted it, immediately and trumpeted their huge success at preventing the criminal masterminds from pinching the cars. From the roof tops, so that all the affected owners realise how well BMW have done in solving this difficulty.

BMW, have steadfastly refused to admit or recognise any need for change. BMW are many things, but they are not stupid. Therefore I have my doubts ,if it can be that simple. Time surely, will tell.
BMW had a problem with their alloy wheels being too soft and cracking far too easily. Their response to that was the same as this, to claim it was nothing to do with their wheels they conform to all standards etc and only when the press and in particular watchdog got involved did they capitulate and accept there was an issue.
I take your point. BMW have never appealed to me I prefer Audi and VW engineering. Perhaps this is the approach of BMW to their mistakes. What I cannot understand is the brand loyalty, but clearly, despite the tardy approach of BMW, there still remains such loyalty.

anonymous-user

53 months

Sunday 8th July 2012
quotequote all
Isn't it going to be rather easy to catch these theives? Everytime someone orders a replacement drivers side windowglass, just send the rozzers around? Let's face it, they can't sell many side windows every year?

sturobturbo

5,746 posts

145 months

Sunday 8th July 2012
quotequote all
Max_Torque said:
Isn't it going to be rather easy to catch these theives? Everytime someone orders a replacement drivers side windowglass, just send the rozzers around? Let's face it, they can't sell many side windows every year?
That won't be in the polices' interest mate, they are too busy.

Scuffers

20,887 posts

273 months

Sunday 8th July 2012
quotequote all
sturobturbo said:
Max_Torque said:
Isn't it going to be rather easy to catch these theives? Everytime someone orders a replacement drivers side windowglass, just send the rozzers around? Let's face it, they can't sell many side windows every year?
That won't be in the polices' interest mate, they are too busy.
too true shutting down motorways

frosted

3,549 posts

176 months

Sunday 8th July 2012
quotequote all
Pique said:
Haven't read back to see if this has been posted but the video has reached Jalopnik:

http://jalopnik.com/5923802/watch-hackers-steal-a-...
I got it on google news today

EddieFelson

1,168 posts

213 months

Monday 9th July 2012
quotequote all
There is an article in the Metro this morning page 27.

ZesPak

Original Poster:

24,421 posts

195 months

Monday 9th July 2012
quotequote all
dasbimmerowner said:
I've no interest in a tracker. If the car is stolen I really don't want it returned.
Really?

I can see a couple of upsides here though:

  1. Car returned relatively fast without cost, no insurance bother either
  2. Damage is usually minimal, a couple of hundred £
  3. "they" won't return after a couple of months for your brand new insurance money car
  4. insurance claims don't go up for EVERYBODY. Look at this 1M, imagine if you want one and insure one, turns out that in your area there's a 20% chance it'll get nicked without a chance of retrieval. Your insurance quote will eventually say £15000, because some people "rather have a new one than have one returned". Don't forget that, however you think of it, YOU pay for the new one, not the scrotes, not the insurance, YOU.
  5. most of all: the fking scrotes don't have it, they've wasted an evening of their fking around and don't have any money in their pockets for it. This sends the message that MAYBE crime doesn't pay after all. Better still, they might even get caught with it (justice system aside, that's another matter). Imagine if the return/retrieval rate of cars is 60% instead of the current 5%, you'd think that thefts will drop? Now it's just so likely to get away with it it's ridiculous.
But as you said, it's easy to nick one, it's easy to have a new one through insurance, it's a circle that won't be broken until either one changes. In my opinion the insurance will strike first, posing very high quotes for theft insurance, having a lot of people not taking one and only then make it harder for the thieves to nick their car.

Scuffers

20,887 posts

273 months

Monday 9th July 2012
quotequote all
ZesPak said:
  1. Car returned relatively fast without cost, no insurance bother either
  2. Damage is usually minimal, a couple of hundred £
  3. "they" won't return after a couple of months for your brand new insurance money car
not sure I agree with these, having had a car stolen/recovered...

  1. it took 12 weeks to recover it
  2. it was supposedly un-damaged, but ended up being written off some months later when the fixing dealer discovered the shell was twisted (not before they had already spend a fortune on trying to fix it)
  3. if only.....
appreciate my experience is probably not typical, but if I have a car stolen, I probably don't want it back.

ZesPak

Original Poster:

24,421 posts

195 months

Monday 9th July 2012
quotequote all
Scuffers said:
not sure I agree with these, having had a car stolen/recovered...

  1. it took 12 weeks to recover it
  2. it was supposedly un-damaged, but ended up being written off some months later when the fixing dealer discovered the shell was twisted (not before they had already spend a fortune on trying to fix it)
  3. if only.....
appreciate my experience is probably not typical, but if I have a car stolen, I probably don't want it back.
Sorry, I was of course also speaking of anecdotal evidence. Having had my car stolen and retrieved once, it was stolen in the night and intercepted only 30km further (eastern european scrotes still inside), having it returned to us within 2 hours and all we had to do was replace two locks and get the stench out.

Steffan

10,362 posts

227 months

Monday 9th July 2012
quotequote all
I understand this is now in the Telegraph and Metro. Every article in the news must be most welcome to the owners of affected cars. How long before BMW come clean and admit their mistake, and actually come up with a dealer approved solution? I do think the roll needed has started at last.