Reply to post: Not IoT related, just bad security

Sons of IoT: Bikers hack Jeeps in auto theft spree

EveryTime Silver badge

Not IoT related, just bad security

Sophisticated car security has been around for over two decades and Jeep still has it wrong?

The European Insurance Commission issued guidelines in the early 1990s requiring more sophisticated protection. BMW, for example, introduced their system in 1993. The dealers don't have access to the key cut codes or the security programming information. They have to request that a key be made by the regional distribution center.

Of course the dealers love this system. It's used to charge outrageous amounts, over $300 from some dealers, for replacement keys. And even more for a 'new' security module if all 10 key slots are used. But it does prevent this kind of security breech, which is completely predictable if you let every dealer (and thus an unknowable number of un-vetted people) have access to the keying information.

Clever people have reversed engineered the BMW system so that you can cut and program your own keys. But you still have to remove the inconveniently mounted security module and connect directly to the microcontroller pins to extract or reprogram the security keys. While it's not what BMW intended, the result is a good compromise between security and owner repair capability.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019