Feeds

back to article Got a BMW? Thicko thieves can EASILY NICK IT with $30 box

BMWs and other high-end cars are being stolen by unskilled criminals using a $30 tool developed by hackers to pwn the onboard security systems. The new tool is capable of reprogramming a blank key, and allows non-techie car thieves to steal a vehicle within two or three minutes or less. On-board diagnostics (OBD) bypass tools …

COMMENTS

This topic is closed for new posts.

Page:

Facepalm

"limited to "older" BMW models"

Anything over a year old then.....

Whats that? 95% of all BMW's then? It certainly affects 100% of those in the staff car park.

Take pride in their security? There is none once you have broken the window, what is there to take pride in~?

Great example of more crap coming out of a company, talking to its customers as if they were morons.

17
2

Re: "limited to "older" BMW models"

Anything after about 2006 when they introduced the remote key (the one without the good old fashioned metal part)

0
0
Bronze badge
Boffin

Re: "limited to "older" BMW models"

You can still use the metal part that's encased inside the fob to open the door / boot manually. This was advice given to us years ago in our Houston office about hire cars and people stealing shopping when you went back to dump it of before getting more, especially at Christmas.

0
0
HMB
Bronze badge

Blame Game

It's the EU's fault.

It's the OBS port's fault.

It's the fault of people selling the tools to bypass security.

Bad security design based on obscurity? Couldn't be that.

31
1
HMB
Bronze badge

Re: Blame Game

OBD (Typo)

0
2
FAIL

Re: Blame Game

It is in part the fault of the others on the list - in that the OBD standard does not call upon any encryption requirement - it was designed to allow californian cops to read whether your car had declared to you that the emissions limiting equipment was faulty. - so the same readers had to work in perpetuity.

They could have designed it better, even to firewall off just the compulsory protocol commands.

the French have recently proposed anti-competetive legislation to the effect that all french garages shall be able to reprogram ECU's of any sort without having to be registered dealers and essentially under a FRAND type agreement. Though good for competition, its impossible for security - well the concept of a trusted dealer was never a good one, now it is busted we may get tools that require a session into the heart of the OEM in order to decrypt the protocols.

1
0
Anonymous Coward

Re: Blame Game

Meh, clearing/resetting/reprogramming certain registers in an ECU is not the same as reprogramming the same ECU. The OBD protocol is open is a good and healthy thing. The manufacturers not putting much or any sort of security into the individual modules is cost cutting. BMW are simply lying when they state that the techniques didn't exist when they designed the cars. An off the shelf kit didn't exist, but they and plenty of other manufacturers were worried about this sort of thing from a warranty perspective well over a decade ago.

Car manufacturers should (and to some extent do) treat data buses within their cars as the IT industry treats their networks, with a constant degree of suspicion. Firewalling off the OBD port or having a different protocol (GM/Ford US) or multiple CAN buses is something some manufacturers do, but it's not a real solution as you can always get physical access to the wiring (thankfully if you've got a fault to diagnose).

6
0
Silver badge
FAIL

Re: Blame Game

I was just about to say, Ford firewall the security from odb. In fact you need a dedicated ford reader to diagnose security module errors via odb as the aftermarket tools arent available.

It is akin to having an open network, sure if you have guest read only info then that is fine but not for a button that says "open doors".

0
0
Anonymous Coward

Re: Blame Game

I'd like to blame OBS after a summer working with the buggers on the Olympics.

0
0
Silver badge

Certain criminal threats - do not exist when cars are designed

They certainly do.

An unsecured "back door" into the system is a definite no no. The threat was a clear and present when the car was in the design stage!

Thinking about it from the point of view of physical keys and locks: What good is a car with a sold lock on each door if all a potential criminal has to do to get in is pop the hood?

11
0
Anonymous Coward

Re: Certain criminal threats - do not exist when cars are designed

"What good is a car with a sold lock on each door if all a potential criminal has to do to get in is pop the hood?"

i don’t know if BMW's are difrent the other side of the pond, but over here in li'l ol' blighty, along with 99% of all other cars, you cant open the "hood" or bonnet as we like to call it without opening the door first. The lever is usually in the drivers compartment, if no it , it requires a key to unlock it...

I can sort of see where BMW are coming from, The ODB has to be open so third party garages can actually work on the card. the connection point has to be a standard plug, within 100cm of the steering wheel, and needs no tools to access it. There is no way it would be possible to secure a car once entry has been gained with a system like this. No matter what hurdles are put in place, the memory of the ECU is not read only susceptible to attack. the bare minimum to gain access would be a clone of a key that you have a copy of the ROM for and flash the entire ROM.

this has really been caused by the EU making laws for the general good, but messing things up in reality..

I am pretty sure most of us could actually come up with some sort of security that would work within the ODB guidelines, but I would also imagine the cost would put the price of the car up to an unacceptable price, which would mean true security would be an optional extra.

2
4
TRT
Silver badge

Re: Certain criminal threats - do not exist when cars are designed

I'm concerned that you can get into the car without setting the alarm off in the first place!

5
0
Bronze badge
WTF?

Re: Certain criminal threats - do not exist when cars are designed

"but I would also imagine the cost would put the price of the car up to an unacceptable price"

I don't recall Beemers being particularly cheap to begin with?!

2
0
Bronze badge
Childcatcher

Re: Certain criminal threats - do not exist when cars are designed

'What good is a car with a sold lock on each door if all a potential criminal has to do to get in is pop the hood?'

"you cant open the "hood" or bonnet as we like to call it without opening the door first. The lever is usually in the drivers compartment, if no it , it requires a key to unlock it..."

This statement is similar to claiming the door can't be opened without a key. If there is a lever release to open the hood, it can be operated by yanking the cable that connects the lever to the latch. It's designed not to be easy, but it is possible.

1
1
Silver badge

Re: Certain criminal threats - do not exist when cars are designed

"The connection point has to be a standard plug, within 100cm of the steering wheel, and needs no tools to access it."

That doesn't preclude it being in a lockable compartment.

0
1
TRT
Silver badge

Re: Certain criminal threats - do not exist when cars are designed

Yes it does. If you consider the key as a tool.

1
0
Bronze badge
Facepalm

Re: Certain criminal threats - do not exist when cars are designed

i don’t know if BMW's are difrent the other side of the pond, but over here in li'l ol' blighty, along with 99% of all other cars, you cant open the "hood" or bonnet as we like to call it without opening the door first. The lever is usually in the drivers compartment, if no it , it requires a key to unlock it...

Here in li'l ol'blighty it is quite possible to open the bonnet (or "hood" as the American called it) on most cars by manipulating the release cable.

2
1
Silver badge

Re: Certain criminal threats - do not exist when cars are designed

>I don't recall Beemers being particularly cheap to begin with?!

But imagine if BMW managed to get the legislation overturned so that they could only be serviced by a BMW dealer and only MOT'ed/smogged by a dealer.

"I'm sorry sir your 1 year old car's ashtray is full and we don't service that model anymore" - "would sir like to buy a new one"?

2
0
Anonymous Coward

Re: Open bonnet/hood

An important point that you all forget to mention is that regardless of how easy it is to physically open the lid, there is an alarm sensor as well which will alert the car's security system and immobiliser.

The alarm will be sounding loudly and you can bet wherever it's coming from has been designed to make it difficult to get to.

In my experience the OBD port is always located inside the passenger compartment anyway.

0
0
Gold badge
Joke

Re: Certain criminal threats - do not exist when cars are designed

""I'm sorry sir your 1 year old car's ashtray is full and we don't service that model anymore" - "would sir like to buy a new one"?"

The iBWM perhaps?

2
4
Anonymous Coward

Re: Certain criminal threats - do not exist when cars are designed

Yep. The threat existed long before, it's just the exploit that is new.

0
0
Silver badge

"That doesn't preclude it being in a lockable compartment."

But the cable then extends to the engine where it attaches to various components. Pop the hood/bonnet and plug in at any one of ten or more convenient sites.

0
0
Anonymous Coward

Re: Open bonnet/hood

Sadly does anyone pay much attention to alarms going off on cars these days? I hear one I usually take a quick gander for anyone shifty standing near it but most of the time though I have other stuff to be getting on with, so I mutter something about "Complete dipstick with a stupid car alarm!" and ignore it!

1
0
Anonymous Coward

Re: Open bonnet/hood

Apart from when the OBD port is right next to the drivers door, and the alarm has a dead spot between that and the window so the thief can take out the window and slide their hand down to the port without setting off the alarm...

0
0
Bronze badge
Stop

Re: Open bonnet/hood

I do if I think it's mine!

0
0
Gold badge
Happy

Re: Certain criminal threats - do not exist when cars are designed

4 thumbs down?

My my I seem to upset both the beemer and the fruity fanbois.

A sense of humor is a *very* useful part of any IT office survival kit.

You might like to think about getting one.

0
0
Silver badge

As if I needed another reason not to buy a BMW

Fortunately there are enough already

8
7
Stop

put a lock on the OBD port

A simple physical key lock on the OBD port should keep their techno mitts clear.

Wire that up to the alarm sensor as well. BMW could do that for a nominal charge of say £100 fitting (£35 parts + £65 labour).

I would be more worried why it doesn't seem hard for them to gain entry into the vehicle in the first place.

3
1
Boffin

Re: put a lock on the OBD port

"A simple physical key lock" like cars used to have?

A secure physical key lock maybe...

1
0
Silver badge

Re: put a lock on the OBD port

"BMW could do that for a nominal charge of say £100 fitting (£35 parts + £65 labour)."

BMW didn't get where it is today by offering bargains.

8
0
Meh

Re: put a lock on the OBD port

I don't know about BMW's - but my V70 has a key hidden in the keyfob that is used for nothing except unlocking the car when the battery is dead and locking the glove box when it's serviced (if you want to do that).

Why not simply use that to secure the ODB port. No special tools are required as per EU instructions.

There again, how long would it take them to force the lock and just gain access anyway? Would making key setting a main dealer only item then make fall foul of the EU law?

Could you have a two tier system:

- program key from key = non main dealer

- program kays from nothing = main dealer

2
1
Gold badge
Alert

Re: put a lock on the OBD port

"Could you have a two tier system:"

Some manufacturers (Ford? I'm looking at you...) have already done this. This means that if you do lose the "master" key, they will replace it at "got you by the balls and we're gonna squeeze really hard" rates.....

You see improved security, they see an opportunity to rip you off.

4
0
Unhappy

Re: put a lock on the OBD port

Unfortunately they will, but I am not sure what else you can do...

I know for my R6 it's even worse. I have a 'red' key. It doesn't start the bike, but does put it in learning mode for if you need a new key.

Should you lose the red key and then break your black keys you need to replace the ECU to get the bike working again. Gulp!

My red key is in a safe place!

1
0
Silver badge

Re: put a lock on the OBD port

>- program keys from nothing = main dealer

IIRC Merc did this for their super-ninja-laser-cut-kryptonite keys.

Unfortunately they allowed any dealer to order the keys - and didn't get suspicious when some dealer in Borat-istan was requesting new key codes for 1000s of cars.

2
0
Silver badge

Re: put a lock on the OBD port

ford arent really ripping you off. You can buy the part yourself, it is a standalone security module that comes pre pared with keys. Good luck fitting it though. Try buying an ECU for any electrical appliance, they arent mass produced items so cost more. If you lose BOTH keys then odd are it is your own fault (not always but in cases of fires, floods, theft thats why we have insurance). You can reprogram another key from an existing key EXTERNAL to the car. It is easier to reprogram a key within the car though.

Second point. DO NOT let your battery run flat on a modern ford key, you will need to reprogram it if you do. The capacitor is only good for 30 seconds or so too so dont be tardy when changing the battery.

0
0
TRT
Silver badge

Re: put a lock on the OBD port

I'd put the port in the door recess under a removable panel. That way, you have to have the door physically open in order to reach the connector. For ODB tests that require connection whilst the car is in motion, you could always lead the ODB connector out with a thin flexible cable pinched in the door seal.

1
0
Orv

Safe place...

I think this is why I've almost never bought a used car and gotten the original keys...just copies of copies that barely work. The previous owner probably put the original in a "safe place" and then forgot where that was. ;)

The one exception was, oddly, a 40-year-old Saab 95, which still had the original key. Unfortunately it didn't have most of the original LOCKS. ;)

0
0

Re: put a lock on the OBD port

@TRT That's exactly where it is on my 5 series, doesn't stop them. Smash window, open door and voila.

0
0
Anonymous Coward

Re: put a lock on the OBD port

same on BMW's

0
0
Anonymous Coward

Re: put a lock on the OBD port

But doesn't that set the alarm off?

0
0
FAIL

A poor excuse

ODB ports have to be open - yes.

But when it comes to security, it shouldn't be possible to plug and go - the security reprogramming routines should be encrypted with only the unlock certificates installed in stealership computers. Have they not heard of read vs read/write?

Shirley it must be possible to allow the local non-oem garages to be able to access and edit the ECU system settings, but prevent access to the really important bits?

1
3

Re: A poor excuse

"......but prevent access to the really important bits?"

that’s the point of the ODB system...... so that you are not locked into a visit to the dealers for ANY part of a repair for your car.

I can think of a few ways to make it secure without compromise, but price would be the overall factor that would rule it out as viable for mass production.

0
1
Thumb Up

Re: A poor excuse

Quick off the top of my head thought; introduce an artificial 30, 60, or 90 minute delay in the process of programming a blank key - probably 2 extra lines of code. Yes, a bit of a hassle when you've lost your key, having a wait a short while to program a new one, but hardly the end of the world. What thief is going to want to sit and wait that long while the car does it's thing?

5
1
Gold badge
Mushroom

Re: A poor excuse

A BIT OF A HASSLE??!!!!???

At the labour rates those bastards charge it's a sight more than that! They're quite capable of coming up with enough excuses to rip you off already, without your giving them ideas.

What they need to do is fix the ruddy thing so you can't program a key to the car without the security code (i.e. fix the sodding great bug allowing this to happen).

1
0
Anonymous Coward

Re: A poor excuse

Erm, howabout they program the blank key, scarper and then come back a few days later to nick the car?

0
2
Anonymous Coward

Re: A poor excuse

"Erm, howabout they program the blank key, scarper and then come back a few days later to nick the car?"

Well, I think your suspicions would be raised when you go to get in your car to find it a) with a broken window, b) unlocked, and c) with a blank key (now programmed) sat in the slot.

2
0
Zot
Bronze badge
Facepalm

Re: A poor excuse

Can't the theif just walk around the corner while this process is being done? "ave a cuppa tea 'n' get back at 2am for a spin"

0
0

Re: A poor excuse

"Quick off the top of my head thought; introduce an artificial 30, 60, or 90 minute delay in the process of programming a blank key - probably 2 extra lines of code. Yes, a bit of a hassle when you've lost your key, having a wait a short while to program a new one, but hardly the end of the world. What thief is going to want to sit and wait that long while the car does it's thing?"

+ With the alarm going off!

1
0

By pointing out it's already fixed...

suggests they knew about it last year. Also suggests they hoped it would stay quiet - they'd have contacted the customers to warn them otherwise eh?

5
0
Anonymous Coward

On X5/X6 it's fixed. The rest of us have to wait 8 weeks

It wouldn't be so bad if the internal ultrasound sensors worked or the alarm siren actually made a bit of noise more than 50 db.... That would at least deter the potential thief.

BMW have a lot of work to do here....

0
0

Page:

This topic is closed for new posts.