Reply to post: Re: Not IoT related, just bad security

Sons of IoT: Bikers hack Jeeps in auto theft spree

regregular

Re: Not IoT related, just bad security

This is not 100% correct. I think your procedure applies only if all keys known to the vehicle computer are lost.

If you just lose one, you can order a replacement, it will arrive mechanically precut at the dealership, and then the local dealer can use his diagnostic device to program the new keyfob into the vehicle. Procedure simplified:

1. Diagnostic device communicates to BMW central servers to get auth/leave audit trail

2. At least one keyfob known to vehicle has to be present for "authentication"

3. New keyfob is registered

4. Lost or broken keyfob is removed from pool

Unfortunately, BMW fucked it up majorly, and you can steal even the recent ones by using a handheld aftermarket piece of kit and a generic transponder. Somewhere in the procedure is a way to bypass the "known keyfob present" requirement. IIRC from the tech analysis it had to do with a shitty crypto implementation. It is possible to just add a third key into the pool, bypassing the theoretically quite clever system.

There are YouTube videos that show pros pulling that off; evidently on some models the interior motion sensors are too narrow, and you can smash a window, wiggle your arm to the diagnostic port without triggering the alarm, connect the handheld device, and scramble the new key into the pool. Then you click the fob and off you go.
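The four-step procedure in the comment above, modelled as a fail-closed enrollment check. This is an added example, not part of the original post and not BMW's or any manufacturer's implementation. The names `Immobiliser`, `mac` and `enroll`, the use of HMAC-SHA256 and all keys and IDs are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each field so boundaries cannot be shifted between fields.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Immobiliser:
    """Hypothetical vehicle-side key pool (assumed design, for illustration)."""

    def __init__(self, vin: bytes, backend_key: bytes, fobs: dict):
        self.vin, self.backend_key = vin, backend_key
        self.fobs = dict(fobs)   # fob_id -> per-fob secret
        self.nonce = None        # at most one outstanding challenge
        self.audit = []          # (new_id, present_id, accepted)

    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def enroll(self, new_id, new_secret, lost_id, backend_tag, present_id, fob_proof):
        nonce, self.nonce = self.nonce, None   # single use, even on failure
        ok = (nonce is not None and new_id not in self.fobs
              and lost_id in self.fobs and lost_id != present_id)
        # Step 1: the backend authorised this exact change for this vehicle.
        ok = ok and hmac.compare_digest(
            backend_tag, mac(self.backend_key, self.vin, nonce, new_id, lost_id))
        # Step 2: a fob already in the pool answered the fresh challenge.
        secret = self.fobs.get(present_id)
        ok = ok and secret is not None and hmac.compare_digest(
            fob_proof, mac(secret, nonce, new_id))
        self.audit.append((new_id, present_id, bool(ok)))
        if not ok:
            return False         # fail closed: pool left untouched
        # Steps 3 and 4 are applied together, so the pool never grows.
        self.fobs[new_id] = new_secret
        del self.fobs[lost_id]
        return True

if __name__ == "__main__":
    # Constructed sample data: two enrolled fobs, fob2 reported lost.
    car = Immobiliser(b"VIN-SAMPLE", b"K" * 32, {b"fob1": b"1" * 32, b"fob2": b"2" * 32})
    n = car.challenge()
    tag = mac(b"K" * 32, b"VIN-SAMPLE", n, b"fob3", b"fob2")
    print(car.enroll(b"fob3", b"3" * 32, b"fob2", tag, None, b""))  # no fob present
    print(sorted(car.fobs), car.audit)
```

The property to check in a design like this is that no code path reaches the pool update without both the backend tag and the existing-fob proof verifying against the same fresh nonce.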
