Gone in 60 seconds… has modern car security gone off track?

BMW should do a recall and retrospectively fix this problem on all affected vehicles. It was negligent of BMW to implement this backdoor into the car’s engine management system without proper authentication.

I wouldn’t go back to advocating the old method. I had an escort a few years ago and it was stolen by
a) hammering a screwdriver into the lock to open it
b) digging the ignition mechanism out of the steering column and then starting it with a biro (it’s a hexagonal shape)
c) kicking off the steering lock

Wherever you have an expensive consumable good just sitting in the street, there will always be thieves. Personally I drive a BMW and am a bit worried about this, but there’s always the point that the dealer will always know how to code an operate this mechanism. All it takes is 1 easily led employee and they’ll have a field day.

Perhaps it’s time to give each customer a personal code assigned to their keys that isn’t part of a BMW database. Then if there is a problem with ignition/starting/security that needs to be fixed in the garage, the customer can furnish the dealer with it to do the work.

It would also protect from thefts as the dealer arranged key will not have the unique code. But then with any computer system, it can always be hacked

Yet again, as with the run-flat, BMW lead the way. : (

I am always amazed that so little thought is invested on how systems can be defeated BEFORE they are launched into the market place.

I agree with ‘Argus’ & ‘dieseltayl’ on the points they make.
Wouldn’t it be wonderful, if when the car was interfered with & the alarm activated, the body would immediately be electrically charged boosted via the high voltage ignition system……….!!!

My 2009 M3 Convertible was stolen a few weeks ago in Birmingham on a Sunday afternoon in broad daylight. I was lucky that my vehicle was recovered a few hours later….nevertheless I was shocked to discover how quickly, easily and how many vehicles with supposedly “Thatcham 1 Security” were being stolen – all thanks to the weaknesses and flaws in BMW’s security system..

BMW are aware of the problem but don’t seem to have a solution. Hopefully more media attention will start to shift their priorities.

BMW owners take note and take some basic steps to protect your property.

Why don’t they make the OBD port less accessible?
Put it under the boot floor or in the glovebox or armrest – at least then the alarm will be activated?

Our BMW x5 was stolen from our drive last week, Wednesday/Thursday night. We have both sets of keys . The police attended and advised us that a “scanner” had been developed by thieves to enter and start BMW s without the keys. The police said highly unlikely it would be recovered, and due to lack of forensics etc they would not be actively pursuing the matter.
We are so shocked and angry. Our car was in our local dealer Sytner of Harold Wood, twice in the last three months once for a pre winter check up , and body work. Why didn’t Sytner warn us, or offer the security upgrade they are supposedly offering on the free phone no. We didn’t know about about the problem,not being readers of motoring magazines or websites before this. Why should we??
We feel that BMW had a moral obligation to advise its clients/customers of any possibility of problems with any aspects of safety or security. What if it had been a possible brake failure??they would have done something about that surely.

BMW after service is extremely poor i asked the question about the security system and their response is very negative. It needs all insurance companies to refuse insurance on any BMW cars and when sales drop off BMW will do something about it, until then people should just walk away from BMW.

Hi

Thieves attempted to steal my 2007 BMW 530d off my drive. I heard a noise came downstairs and found a guy leaning into the smashed window of my drivers door. He was attempting to access the OBD port.

My car had the security update a few months ago. I was puzzled as the alarm didn’t go off while the guy was inside my car. It turns out that there is a black spot in the ultrasonic senor on the car that does not cover the drivers column and the area covering the OBD port. BMW know about this issue but have not offered a resolution or anything constructive. BMW could stop all these thefts if they provided an upgrade to the ultrasonic sensor that covered the whole of the cars interior, then the alarm would go off then the window is smashed and the thieve leans in to try and access the OBD port, then over time the thieves will know they can’t attempt to access BMW’s without detection.

My 5 series was stolen overnight. I only bought it that evening and woke up to find it gone.
This happened yesterday!
I’m so gutted. BMW should do a recall just like how Toyota recalled their cars when they had a fault.
I will never buy another BMW.

From EETimes
How Hackers Can Take Control Over Your Car
Junko Yoshida
7/8/2013

” CAN bus is the crux of the issue?
While noting that the CAN bus is a “good, fault tolerant network” inside a car, NXP’s Besenbruch acknowledged that there are a number of ways hackers can worm their way into the internal network and get to the Electronic Control Unit (ECU).

The flexibility of the CAN bus has created a safe and cost-effective network enabling vendors to attach a number of computer control systems (ranging from the window controllers to the locks and critical safety elements such as brakes and engine). But that flexibility also creates the opportunity for new attacks — including one in which a car’s internal network can circumvent all computer control systems including mission-critical functions. Besenbruch acknowledged that it’s entirely feasible for someone to remotely turn the car-audio volume ALL THE WAY UP, for example, or worse, stop or start the engine at will. ”

Like many advances the Vendors are interested in cheapness not security so beware with new technologies. Bear this in mind with modern payment methods and cards as replacements for cheques and cash. Many people interested in making money from the concepts but ultimately they all rely on safe computers and electricity. Back up systems are not stupid and perhaps BMW should have considered a mechanical back-up.

Hi
I cannot believe what I have just read above, my 330d 2006 msport , fully specced,has just been stolen overnight. I was confused as I have both set of fobs and the valet key.i checked the area for glass, that was all clear.
My only thought was maybe somebody entered my property somehow and opened the doors with the fob and left them back so I don’t get suspicion.
It was only when the officer explained , there’s some devices out in the market that can open these high value cars so easily and reading above has given me a clear picture of what is happening.
I am applauded with the security of this cars and now knowingly will never invest in a BMW until certain the issue is solved.

about the OBD socket. This is the method in how to clone you fob key if you lose you fob BMW plug a gadget in to clone the fob codes then copy to a new fob. The problem is the OBD Is alive even when the fob is taken out of the ignition socket that with a poor alarm system that does not cover the area where the OBD socket is situated well it spells trouble and has for hundreds if not thousands of BMW owners and this is not on. I told BMW this in 2009 when I bought my x5 there was a security problem may as well talked to a brick wall. And yes they did put a security patch to cover theOBD seen around it in 25 minutes to crack. The OBD needs to be moved say under the bonnet or kill the electric supply to the OBD so if the thief breaks window and plugs his/her gadget in to clone the fob codes it will not work as you need electric for this process to complete BMW after sale is a disgrace 4 years this has been going on and no answers yet well I have just giving you one BMW!

http://www.darkreading.com/mobile/bmws-software-security-patch-a-sign-of-things-to-come/d/d-id/1318933?

Comment on BMW currently doing security upgrades over the air and the possible problems.

My own view is as we know pretty much everything is hackable or compromised the idea that broadcasting changes through the ether seems even stupider as it could affect tens of thousands at once.

Also if there is a foul-up – and we all know of upgrades put out by the likes of Microsoft and Apple -. that have unintended side effects at some future date there may be a hack/error that will immobilise thousands of cars.

If this sounds a tad Luddite I would point out that BMW are doing this because it potentially saves them tens of millions in not having to call back cars to a garage [BMW pay the garage] to sort out software deficiencies.

Security, as in preventing cars being stolen or turned into lumps of metal with inoperative parts, is hugely important. I always believe in having very good security preferably a physical and a software lock, and always if changes are made to them being gradually rolled out to avoid things being “bricked”. Given we are talking software probably the “bricked” remains a correct description of no longer functioning software dependent appliances.

Being a garage in the Midlands we’ll be sharing this article on our Facebook page to help raise awareness!

My 2006 bmw 550i m sport was stolen like this wednesday morning. A neighbour saw it speeding through a red-light at 4.30 am.

[This comment has been tweaked for breaking our commenting guidelines. Thanks, Patrick.]