BMW Thefts

traco

A friend of mine had a 5 series stolen and still had both keys. I didn't believe it was possible but apparently thieves have a system now to access the onboard computer and program a blank key.

This happened a few days back on the Northside. Thought it was worth making owners aware. More details about it in the UK in this article
http://www.bbc.co.uk/programmes/b006mg74/features/bmw-car-theft-technology

rocky

Big thread on Pistonheads

http://www.pistonheads.com/gassing/topic.asp?h=0&f=72&t=1121571&mid=380695&nmt=New+BMW%27s+getting+stolen+using+blank+BMW+keys

listermint

bmstuff wrote: »

The update to prevent this from happening is available since Nov. 2012.

I can update your car to the latest software so you won't be affected (By this way at least).

Cost 150 euros, takes a few hours.

Arent BMW covering this under warranty repair ?

shinkansen

without reading 200pages on PH, lets get this right

BMWs from the last 4/5 years can be accessed with a blank key and some access to the OBD port to drive away the owners car without a bother? cars costing ££££.

and a solution is just out in the last few months.?

sounds like a bit of a farce to me.


i assume that insurance policies or BMW would refund all losses incurred?

shinkansen

seems BMW dont want to know... not very surprised, they just want the readies and off you go.

"BMW are not interested in this one bit, they didnt even care about my car being stolen. The fact is they are not liable unless the car explodes and kills the driver....see below

"Thank you for your further email dated March 18, 2013. I am sorry to learn that your BMW 520d M Sport has been stolen. I can certainly appreciate the disappointment and concern caused by this.

"Criminal activity of all kinds is becoming increasingly sophisticated and particularly in this electronic age, evolves with incredible speed. For highly complex, valuable and desirable products like cars, this has been a constant battle for manufacturers, legislators, the police and of course the owners of these cars."

"Please be assured that your vehicle was built to a standard that meets all required legislations in terms of security and safety. However, we did release an enhancement for any customers who contacted us concerned about the type of theft shown in recent media articles. Information regarding this update was available on our website and it was also announced in the press and through other media such as TV. This was not announced as a vehicle recall as there was no safety issue present."

"I understand that you are concerned about recovering the costs for your vehicle. I can advise that your insurance company and the police are in the best position to assist you further. I trust that they will thoroughly investigate this matter."

"Once again, I am sorry that you have had cause to contact us. However, I trust that you will accept this email as clarification our position on this matter."

shinkansen

doesn't fill me with confidence into the thought of buying a 6 pot 3 series tbh.

Northern Monkey

It's covered in the UK dealer network for free.

bmstuff

shinkansen wrote: »

doesn't fill me with confidence into the thought of buying a 6 pot 3 series tbh.

It affects 07+ cars though.
Don't know which model you had in mind.

bmstuff

Northern Monkey wrote: »

It's covered in the UK dealer network for free.

If that's the case, there is a good chance it would be free here too.
But I don't think this is actually the case, even in the UK.
Now I stand corrected, do you have any reference to this?
If it is, happy days.

bmstuff

Ok is it me or the update only changes the door/window's behaviour?
Some are saying you can still duplicate a key using the OBD port?
If that's the case, it is pretty useless and only a quick coding session will take care of this. In that case a OBD port lock is the only solution, or relocation.

This is not going to prevent them from breaking the window without the alarm going off (This is the way it was designed, believe me or not).

rocky

I think the fix is 2-fold:
- disable the window drop with key in door
- to code a new key, the original/valid key needs to be present

Plus, this vulnerability only applies to cars with comfort access (start button)

tweaf1

Just been informed by (BMW Ireland through UK) that the OBD update is chargeable here as they don't have any reported cases here.

rocky

bmstuff - banned? what?

randy hickey

How in the name of Jaysus can you get banned for discussing BMW security systems?

Bigcheeze

randy hickey wrote: »

How in the name of Jaysus can you get banned for discussing BMW security systems?

Might not be banned for something he posted. Bans are pretty common for having multiple accounts no ?

TouchingVirus

http://www.boards.ie/vbulletin/showthread.php?t=2056911143

randy hickey

Phew, justice prevails!
Fair play to Boards....now, back on topic.

randy hickey

So basically, you need the appropriate blank key and this gizmo;?

https://www.youtube.com/watch?v=kVmPfCFFkqQ

Is it really THAT simple?

Please tell me I'm wrong.

Alanstrainor

Jaysis :eek:

rocky

randy hickey wrote: »

So basically, you need the appropriate blank key and this gizmo;?

https://www.youtube.com/watch?v=kVmPfCFFkqQ

Is it really THAT simple?

Please tell me I'm wrong.

For cars having the comfort access and without the security update, it is that simple...

randy hickey

I found other links that I'm sorta afraid to put up, but let's just say that in the case of these BMWs, it's a case of Gone In 180 seconds.:eek::eek:

Voodoomelon

If I had a modern BMW, I would gladly pay €500 so that only a dealer can replace a key, if it meant devices like above are kept out of the hands of scumbags. Ridiculous that these are available to buy.

Cuddlesworth

I posted on this a while ago. The tyre pressure sensors are attached to the odb ring network by wireless technology. The odb network is not encrypted. Guess what happened next.

This isn't a BMW only problem. But it is a stupid one.

coolisin

Would a steering wheel lock help prevent this?
A simple analogue solution in a digital world.

It's scary how easy it is to reprogram the keys.

bmstuff

coolisin wrote: »

Would a steering wheel lock help prevent this?
A simple analogue solution in a digital world.

It's scary how easy it is to reprogram the keys.

Probably still the best solution around if they were planning to make a new key.
That usually add some significant delay in nicking the car, and many do not even bother when they see one.

Other than that a hidden switch could be used too by rewiring the OBD port.
The port would be dead all the time, no incidence on a daily basis, you would only need to enable the switch when going to your mechanic/dealer.

galwaytt

Cuddlesworth wrote: »

I posted on this a while ago. The tyre pressure sensors are attached to the odb ring network by wireless technology. The odb network is not encrypted. Guess what happened next.

This isn't a BMW only problem. But it is a stupid one.

Holy Fupp. That's mad, Ted.

...clever monkey's who figured out the back door, though..........

galwaytt

bmstuff wrote: »

Probably still the best solution around if they were planning to make a new key.
That usually add some significant delay in nicking the car, and many do not even bother when they see one.

Other than that a hidden switch could be used too by rewiring the OBD port.
The port would be dead all the time, no incidence on a daily basis, you would only need to enable the switch when going to your mechanic/dealer.

Or, move the ODB socket somewhere else (say, glovebox).

the icing on top would be to...........then use the 'old' OBD port and to, say....wire a good 'ol fashioned HT coil onto a pair in the connector. Result, one Kentucky-fried OBD device....

Anan1

galwaytt wrote: »

Or, move the ODB socket somewhere else (say, glovebox).

the icing on top would be to...........then use the 'old' OBD port and to, say....wire a good 'ol fashioned HT coil onto a pair in the connector. Result, one Kentucky-fried OBD device....

... almost certainly belonging to an innocent mechanic somewhere down the line!

On a more serious note, comfort access is a relatively rare option. Is it only these cars that are affected?

rocky

Anan1 wrote: »

... almost certainly belonging to an innocent mechanic somewhere down the line!

On a more serious note, comfort access is a relatively rare option. Is it only these cars that are affected?

That's what BMW are saying and I believe them

Anan1

rocky wrote: »

That's what BMW are saying and I believe them

Sure you're too lucky to ever have your car stolen.

rebel.ranter

Anan1 wrote: »

... almost certainly belonging to an innocent mechanic somewhere down the line!

On a more serious note, comfort access is a relatively rare option. Is it only these cars that are affected?

It's not the comfort access option that is vulnerable. It is every BMW with the fob type key, the one that doesn't have a blade for use in ignition barrel. These are standard on every BMW from around 2006. BMW UK put a cut off on the date of the security patch (2007) purely based on the perceived value of the car, it does also affect 2006 cars.

The solutions as mentioned are:

- steering wheel lock
- ODB port disable
- Enable audible "chirp" for locking

Steering wheel lock is a great visual deterrent, easy to remove maybe, but a thief will move on to the next easier car. BMstuff's suggestion of a switch on one (or more) of the data lines in the ODB port is probably the best way to ensure your car stays on the driveway. Enabling the audible chirp allows you to be sure you've locked the car. In the UK the theives have been using a jammer (433MHz) to prevent you remote locking your car. The idea is you park up for the night, you think you have locked the car because you clicked the lock button on your key. When all is quiet & you're tucked up asleep in bed they simply open the car door without breaking any window & use their key fob replicator device attached to your ODB port. Car gone! At least with the chirp they will have to get in to the car with a bit of effort!

I don't think the "security update" is worth a jot, anything I have read on it suggests that the compromise still exists, the theives simply need to do a software update of their own kit to be right back in the game.

This is not just a BMW problem, any brand that utilises a fob type key like Mercedes, Audi/VAG, etc. are vulnerable. BMW are getting all the publicity right now.