RE: Video: Key fob reprogrammers steal BMW in 3 mins
Discussion
'The reason this form of theft is currently so rife - and admittedly this issue is not limited to BMWs - is that European competition rules require diagnostic and security reprogramming devices to be available to non-franchised garages. As we understand it, this effectively means that car companies cannot restrict access to or use of OBD ports.'
I'm not sure that will fix the problem. I am finding it difficult not to compare this with remote comprimising of IT systems, card payment systems and telephone systems. Rather than being computers in the Pentagon holding information on aliens it's a car parked in a drive way, physical access is much easier. I don't think it's just access to hardware. How many of these bits of kit are out there? I am wondering how many are knock off copies made in China. I think access to the OBD ports needs to be better for a start given how available these bits of kit are.
The fix is a whole different system? Cars and dealer computers will need to use PKI or some other form of authentication before they'll talk to each other?
I'm not sure that will fix the problem. I am finding it difficult not to compare this with remote comprimising of IT systems, card payment systems and telephone systems. Rather than being computers in the Pentagon holding information on aliens it's a car parked in a drive way, physical access is much easier. I don't think it's just access to hardware. How many of these bits of kit are out there? I am wondering how many are knock off copies made in China. I think access to the OBD ports needs to be better for a start given how available these bits of kit are.
The fix is a whole different system? Cars and dealer computers will need to use PKI or some other form of authentication before they'll talk to each other?
E30M3SE said:
rev-erend said:
After watching the video - it looks like they actually push the car away..
They do, less noise that way, and more time before the car is reported stolen and any possible tracker fitted activated.........I have the perfect solution.
On a mk4 golf, you have to have the door open to access the fusebox. Put the obd port in a similar place, nice and deep inside so you can still allow for the odd occasion when you need to monitor something via obd while the car is moving.
The only way you could program the key is to have the door open.
You could maybe use the interior light plunger in the door shut to power up te obd port for extra security.
On a mk4 golf, you have to have the door open to access the fusebox. Put the obd port in a similar place, nice and deep inside so you can still allow for the odd occasion when you need to monitor something via obd while the car is moving.
The only way you could program the key is to have the door open.
You could maybe use the interior light plunger in the door shut to power up te obd port for extra security.
roger.daltrey said:
In reply to previous poster about the tracker - you can buy a 'jammer' from Amazon of all places
See this
http://www.amazon.co.uk/Mini-Jammer-Blocker-Vehicl...
Only £20 and it blocks GPS
Didn't know it was this easy !!
Seems to make Trackers redundant if they are this easy to overcome ?
Surely it should be illegal to sell this, I cant think of a legal reason to own oneSee this
http://www.amazon.co.uk/Mini-Jammer-Blocker-Vehicl...
Only £20 and it blocks GPS
Didn't know it was this easy !!
Seems to make Trackers redundant if they are this easy to overcome ?
nickz32 said:
Youve kind of cancelled out your own arguement there chap. How do you think this all started..... because some low life who worked in a BMW workshop "borrowed" their diagnostics kit and used it in the videoed method. Yeah you could encrypt the OBD, but the dealerships will always have the encryption programmed into their diagnostics so they can access the cars systems. Burgle a dealership and presto
As this chap says. You have been able to buy reprogrammers for donkeys' years but in the past several months it has been pretty much exclusively BMWs that are being taken. The service manager at my local dealership even said to me that BMW are trying to sift through data to find the culprit as it is highly unlikely that this started just from a couple of people buying the kit from Eastern Europe and that alone isn't enough to have the specialised knowledge as in the video.Someone has clearly been a BMW technician and trained others/made information available for a price.
frosted said:
Again, remind me why the EU is mentioned in this article ?
So manufacturers can use it to argue in favour of a return to the nice monopoly they had previously.Much as i loathe and detest what the EU has become, this has bugger all to do with the open market in vehicle repair, and everything to do with manufacturer incompetence
nickz32 said:
Scuffers said:
nickz32 said:
ANY car that runs one of the BMW style "keyless" fobs has the capability of having a key programmed by the OBD port.
The simple and annoying truth is that no matter what you do to secure your pride and joy, there will ALWAYS be a way someone can steal it. No matter how complicated a security system, no matter how you clamp it, steering lock it, or chain it to the floor, if someone wants it bad enough (especially for those of you who are lucky enough to have a gorgeous piece of exotica on your drive) someone out there will have the tools and know how to steal it.
not really, the point here is that the CAN bus access to the CAS is un-encrypted, that's just sloppy.The simple and annoying truth is that no matter what you do to secure your pride and joy, there will ALWAYS be a way someone can steal it. No matter how complicated a security system, no matter how you clamp it, steering lock it, or chain it to the floor, if someone wants it bad enough (especially for those of you who are lucky enough to have a gorgeous piece of exotica on your drive) someone out there will have the tools and know how to steal it.
Yes, you could argue that if it was encrypted it could still be hacked, but the reality is if they used a decent encryption, it would take too long to crack if indeed you have the CPU horsepower to crack it available as a portable device.
LongLiveTazio said:
The real interesting thing is why BMWs. Other makes are susceptible so I can only assume an ex technician and flogging the info to criminal gangs who are now proficient.
that's not the problem, the problem is that you can buy a key programmer of Ebay along with new keys.these can be programmed within 10 sec's of access to the OBD port....
roger.daltrey said:
In reply to previous poster about the tracker - you can buy a 'jammer' from Amazon of all places
See this
http://www.amazon.co.uk/Mini-Jammer-Blocker-Vehicl...
Only £20 and it blocks GPS
Didn't know it was this easy !!
Seems to make Trackers redundant if they are this easy to overcome ?
Why are they allowed to sell such a thing. Surely only to be used for nefarious purposes?See this
http://www.amazon.co.uk/Mini-Jammer-Blocker-Vehicl...
Only £20 and it blocks GPS
Didn't know it was this easy !!
Seems to make Trackers redundant if they are this easy to overcome ?
Edited by groucho on Monday 2nd July 20:26
405dogvan said:
Whilst it's clearly an important story, the tone of the article is that the problem is making manufacturers put an OBD port in the car...
Without requiring that, manufacturers could lock people into their approved dealerships which is utterly unacceptable and breaks a handful of laws which exist for good reason.
Putting the port somewhere it can be accessed without triggering alarms/trackers etc. is obviously dumb - the rules simple say it must be accessible from inside the car - they don't say that it can't be under a seat or behind some sort of secured housing or whatever.
Think it's important you separate those issues, really.
I don't think you can access mine without opening the door.Without requiring that, manufacturers could lock people into their approved dealerships which is utterly unacceptable and breaks a handful of laws which exist for good reason.
Putting the port somewhere it can be accessed without triggering alarms/trackers etc. is obviously dumb - the rules simple say it must be accessible from inside the car - they don't say that it can't be under a seat or behind some sort of secured housing or whatever.
Think it's important you separate those issues, really.
hman said:
and for the guy that says " they just hacksaw them off " - have you ever tried to hacksaw a steering wheel? - it takes a fair while and you have to potentially do it in two places !!!!
Yes actually (I cut the wheel off a s/h steering column for my kit car). It takes not very long at all. Most cores I think are magnesium alloy for weight and the ability to deform/break in a major impact. The downside of which is they are soft and a decent hacksaw will be through in seconds, the wheel will then distort enough IMO to remove a crooklock type lock.There are no two ways about it. A relativly easily accessible port which enables someone to circumvent security is just stupid. Sure use the obd port for diagnostic\fault finding etc but why the hell should you be able to programe a blank key through it? Surely this function should only be able to be accessed in a very secure fashion.
This is like the equivelent of of having your pin number on a sticky note which is stuck on the back of your bank card, i.e. just asking for trouble!
Surely fixing this should be a case of a simple software recode which removes the key re-programme feature from being accessed through the obd? Voila problem solved.
This is like the equivelent of of having your pin number on a sticky note which is stuck on the back of your bank card, i.e. just asking for trouble!
Surely fixing this should be a case of a simple software recode which removes the key re-programme feature from being accessed through the obd? Voila problem solved.
Scuffers said:
Proper solution would be for the CAS to be encrypted and need a VIN-related one-time passcode to access that has to be sourced from BMW every time access is required,
I believe that something along those lines is what Saab do. I have recently had new keys programmed for my 9-3 and the dealer had to connect to Saab to gain authorisation for the programming.LongLiveTazio said:
As this chap says. You have been able to buy reprogrammers for donkeys' years but in the past several months it has been pretty much exclusively BMWs that are being taken. The service manager at my local dealership even said to me that BMW are trying to sift through data to find the culprit as it is highly unlikely that this started just from a couple of people buying the kit from Eastern Europe and that alone isn't enough to have the specialised knowledge as in the video.
Someone has clearly been a BMW technician and trained others/made information available for a price.
Likely or unlikely?Someone has clearly been a BMW technician and trained others/made information available for a price.
Didn't the way of getting through Eurolooks fitted to UPVC doors start and spread from one place in West Yorks?
Checking through the data? 'Insider' knowledge? It's hardly a big leap from 'We can reprogram key fobs' to 'how can we access the OBD port to do that?' is it? How many of thousands of men in vans have the kit to reprogram keys, reset car stereo security codes or offer odometer 'recalibration' services?
maffski said:
nickz32 said:
Scuffers said:
nickz32 said:
ANY car that runs one of the BMW style "keyless" fobs has the capability of having a key programmed by the OBD port.
The simple and annoying truth is that no matter what you do to secure your pride and joy, there will ALWAYS be a way someone can steal it. No matter how complicated a security system, no matter how you clamp it, steering lock it, or chain it to the floor, if someone wants it bad enough (especially for those of you who are lucky enough to have a gorgeous piece of exotica on your drive) someone out there will have the tools and know how to steal it.
not really, the point here is that the CAN bus access to the CAS is un-encrypted, that's just sloppy.The simple and annoying truth is that no matter what you do to secure your pride and joy, there will ALWAYS be a way someone can steal it. No matter how complicated a security system, no matter how you clamp it, steering lock it, or chain it to the floor, if someone wants it bad enough (especially for those of you who are lucky enough to have a gorgeous piece of exotica on your drive) someone out there will have the tools and know how to steal it.
Yes, you could argue that if it was encrypted it could still be hacked, but the reality is if they used a decent encryption, it would take too long to crack if indeed you have the CPU horsepower to crack it available as a portable device.
LongLiveTazio said:
The real interesting thing is why BMWs. Other makes are susceptible so I can only assume an ex technician and flogging the info to criminal gangs who are now proficient.
that's not the problem, the problem is that you can buy a key programmer of Ebay along with new keys.these can be programmed within 10 sec's of access to the OBD port....
currently, it's not encrypted as such, yes, the CAS to ECU may be, but that's irrelevant to this problem, it's the OBD to CAS that's not.
Who knows how somebody worked this out? the point is they have and BMW have made it easy for them.
(No different to the door locks, only 8 leaves, 4 combinations (although tolerances are so bas that you only need 2), thus some 16 pairs of 'half keys' covers every combination (and you can buy a nice shiney tool to decode the lock anyway!)
there is no excuse for not having one-way encryption to talk to the CAS unit with a one-time code that's unique to every car.
Gassing Station | General Gassing | Top of Page | What's New | My Stuff