RE: Video: Key fob reprogrammers steal BMW in 3 mins
Discussion
405dogvan said:
hman said:
As has been discussed previously, a stoplock through the wheel stops this kind of theft
There isn't a 'stoplock' being made which can't be removed in 2-3 mins using a can of compressed air and a hammer...
t stories about this sort of thing.Also I dont see this team holding a can of compressed air and a hammer.
And I cant see them taking 2-3 minutes smacking the s
t out of the lock on the driveway making and enormous racket.These locks are designed to deter and extend the amount of time taken to steal a vehicle - therefore putting the thief off.
and for the guy that says " they just hacksaw them off " - have you ever tried to hacksaw a steering wheel? - it takes a fair while and you have to potentially do it in two places !!!!
I'm glad that you're not disputing the removal of the wire from the OBD port though eh
NadiR said:
joshxs said:
Can't the manufactures just put the OBD port in the engine bay?
Not going to happen, the OBD port has to be within 12 inches of the steering wheel IIRC.Most cars (inc BMW) the port is on the left hand side , so for a RHD car, it's no where near the wheel!
More generally, the pathetic bit here is that there is no security on access the the CAS unit via CAN, FFS even a basic password would be better than nothing...
Proper solution would be for the CAS to be encrypted and need a VIN-related one-time passcode to access that has to be sourced from BMW every time access is required, yes, this will slow down genuine new key programming, but so what if it takes a few minutes to send an email round BMW?
better than loosing your car in <10 sec's.
Krikkit said:
mrloudly said:
Why not cover the port with a cover linked to the alarm system? To get port access you have to remove the cover which trips the alarm. It's not brain surgery...
IIRC OBD ports have to be installed with 2 feet of the driver and can only be placed behind a cover that doesn't require tools to open it. Again, all designed for ease of use by every garage etc to stop dealer tools etc being used.Simplest solution has already been hazarded on - if the alarm is on and the OBD is activated -> alarm goes off. If someone authorised programs a key in this fashion without unlocking the car the alarm will go off, but that doesn't matter.
This has been an issue for ages, and when making a decision on my new car, I purposely discounted the 1-series M as an option because of it, which was a shame because it was between that and the car I did eventually buy.
BMW need to sort this, it is an embarrasement!
Just hope my Porsche CR doesn't use this kind of system?!?!
BMW need to sort this, it is an embarrasement!
Just hope my Porsche CR doesn't use this kind of system?!?!
My 2009 3.0SD X5 was stolen from outside my house. We locked the car at night only to find someone got access to the car overnight . This happened three times in a 12 month period . We suspected kids got access so they could steal from the car .
3-4 weeks after the last break-in the car went missing from outside our house . I had a tracker horizon fitted to the car so called tracker immediately to activate the device, they couldn't pick up a signal .... obviously the break-in prior to the theft was all about finding the tracker , they must have found the device and removed it before coming back to steal the car. We had both keys so they must have cloned the key using an offical BMW device.
BMW denied all wrong doing , said that it wasn't their fault that someone managed to clone our key. I heard from another source that Thatcham are looking into the problem and might refuse to give their backing to BMW immobilisers in the future .
3-4 weeks after the last break-in the car went missing from outside our house . I had a tracker horizon fitted to the car so called tracker immediately to activate the device, they couldn't pick up a signal .... obviously the break-in prior to the theft was all about finding the tracker , they must have found the device and removed it before coming back to steal the car. We had both keys so they must have cloned the key using an offical BMW device.
BMW denied all wrong doing , said that it wasn't their fault that someone managed to clone our key. I heard from another source that Thatcham are looking into the problem and might refuse to give their backing to BMW immobilisers in the future .
iandews said:
This has been an issue for ages, and when making a decision on my new car, I purposely discounted the 1-series M as an option because of it, which was a shame because it was between that and the car I did eventually buy.
BMW need to sort this, it is an embarrasement!
Just hope my Porsche CR doesn't use this kind of system?!?!
ANY car that runs one of the BMW style "keyless" fobs has the capability of having a key programmed by the OBD port.BMW need to sort this, it is an embarrasement!
Just hope my Porsche CR doesn't use this kind of system?!?!
The simple and annoying truth is that no matter what you do to secure your pride and joy, there will ALWAYS be a way someone can steal it. No matter how complicated a security system, no matter how you clamp it, steering lock it, or chain it to the floor, if someone wants it bad enough (especially for those of you who are lucky enough to have a gorgeous piece of exotica on your drive) someone out there will have the tools and know how to steal it.
nickz32 said:
ANY car that runs one of the BMW style "keyless" fobs has the capability of having a key programmed by the OBD port.
The simple and annoying truth is that no matter what you do to secure your pride and joy, there will ALWAYS be a way someone can steal it. No matter how complicated a security system, no matter how you clamp it, steering lock it, or chain it to the floor, if someone wants it bad enough (especially for those of you who are lucky enough to have a gorgeous piece of exotica on your drive) someone out there will have the tools and know how to steal it.
not really, the point here is that the CAN bus access to the CAS is un-encrypted, that's just sloppy.The simple and annoying truth is that no matter what you do to secure your pride and joy, there will ALWAYS be a way someone can steal it. No matter how complicated a security system, no matter how you clamp it, steering lock it, or chain it to the floor, if someone wants it bad enough (especially for those of you who are lucky enough to have a gorgeous piece of exotica on your drive) someone out there will have the tools and know how to steal it.
Yes, you could argue that if it was encrypted it could still be hacked, but the reality is if they used a decent encryption, it would take too long to crack if indeed you have the CPU horsepower to crack it available as a portable device.
LongLiveTazio said:
The real interesting thing is why BMWs. Other makes are susceptible so I can only assume an ex technician and flogging the info to criminal gangs who are now proficient.
that's not the problem, the problem is that you can buy a key programmer of Ebay along with new keys.these can be programmed within 10 sec's of access to the OBD port....
Scuffers said:
More generally, the pathetic bit here is that there is no security on access the the CAS unit via CAN, FFS even a basic password would be better than nothing
...........
Proper solution would be for the CAS to be encrypted
............
better than loosing your car in <10 sec's.
They did encrypt it but someone worked out the secret key, maybe by removing layers and using an electron microscope and inducing errors or they just failed to implement it properly or maybe both. The fact it was cracked and being sold for models 1995-2009 for £50 and now 2009+ for £400 seems to be the problem............
Proper solution would be for the CAS to be encrypted
............
better than loosing your car in <10 sec's.
"- Programming of key is going directly in the ignition lock! No need for
additional programmers and preparations of keys!
- Support of latest technologies from BMW:
1) EWS4 Secret Key (new 128-bit synchronization with engine control unit).
BMW documentation “says” that noone can read or write it, but we can do it
through OBD-II socket! Surprise!
2) SOPT (encryption of keys and synchronizations with engine control unit).
Now the keys can be programmed even for encrypted CAS! And even with
encrypted EWS4 Secret Key, and now it’s the first software that can do it!
- Many very useful functions and all of them can be done via OBD-II socket! "
Edited by tercelgold on Monday 2nd July 16:55
Scuffers said:
nickz32 said:
ANY car that runs one of the BMW style "keyless" fobs has the capability of having a key programmed by the OBD port.
The simple and annoying truth is that no matter what you do to secure your pride and joy, there will ALWAYS be a way someone can steal it. No matter how complicated a security system, no matter how you clamp it, steering lock it, or chain it to the floor, if someone wants it bad enough (especially for those of you who are lucky enough to have a gorgeous piece of exotica on your drive) someone out there will have the tools and know how to steal it.
not really, the point here is that the CAN bus access to the CAS is un-encrypted, that's just sloppy.The simple and annoying truth is that no matter what you do to secure your pride and joy, there will ALWAYS be a way someone can steal it. No matter how complicated a security system, no matter how you clamp it, steering lock it, or chain it to the floor, if someone wants it bad enough (especially for those of you who are lucky enough to have a gorgeous piece of exotica on your drive) someone out there will have the tools and know how to steal it.
Yes, you could argue that if it was encrypted it could still be hacked, but the reality is if they used a decent encryption, it would take too long to crack if indeed you have the CPU horsepower to crack it available as a portable device.
LongLiveTazio said:
The real interesting thing is why BMWs. Other makes are susceptible so I can only assume an ex technician and flogging the info to criminal gangs who are now proficient.
that's not the problem, the problem is that you can buy a key programmer of Ebay along with new keys.these can be programmed within 10 sec's of access to the OBD port....
Gassing Station | General Gassing | Top of Page | What's New | My Stuff