/ Motoring

Gone in 60 seconds… has modern car security gone off track?

It seems that the car theft technique used in the movie Gone in 60 Seconds, starring Angelina Jolie and Nicholas Cage, has become a reality. BMWs are being stolen by thieves hacking into the security system.

Thieves in the Midlands are stealing expensive BMWs by using computer software to reprogramme the car’s engine management system so that they can start the car using a dummy key fob.

To do this they have to smash the car’s window so that they can plug in the reprogramming device, which is actually designed to help garages carry out diagnostics and repair work. Then they simply wait a couple of minutes while the car is altered to recognise their key.

According to some industry sources, this problem has arisen because it’s possible for anyone to buy the reprogramming gadget for as little as £70 online.

So, even though car theft is going down overall, more BMWs have been stolen so far this year in the West Midlands than in the previous year (314 thefts compared to 258).

The insecurities of high-tech car security

This raises the question – if carmakers are making their cars ever more sophisticated in all sorts of ways, why aren’t they able to stop them from being stolen?

It seems that every time manufacturers bring out new security technology they think will make their cars harder to pinch, but criminals simply take a bit of time to work out a way round it. And that seems to have been true for many years.

So is there a case for ditching all the high-tech kit, such as start-stop ignition buttons that only require the car’s key to be in the vicinity to allow the car to start? Perhaps we should go back to old fashioned ignition systems where the steering can be locked when the car is parked. At least with these, the car is immobilised when the key isn’t in the ignition and no electronic gadgetry can be used to unlock them.

And do we really need keys that will recognise our car as we walk towards it and unlock the doors? Or keys that allow us to wave our foot under the back of the car to open the boot?

As a parent who’s frequently loaded up like a pack horse with school and shopping bags, I can see the benefit, but not if it means a thief will be able to pinch my car more easily.

Comments
Profile photo of NFH
Member

BMW should do a recall and retrospectively fix this problem on all affected vehicles. It was negligent of BMW to implement this backdoor into the car’s engine management system without proper authentication.

Profile photo of thelm
Member

It might take a substantial re-think of the engine management system to start to tackle this. If they start to restrict access to the ECU (through bespoke interfaces and heavy security) they could be in a sticky legal situation when it comes to non-dealership garages carrying out work. I wonder if other vehicle manufacturers have similar potential issues?

Member
Paul Kelly says:
5 September 2013

The X6 has the same problem with 5% blackspot on the alarm, BMW ARE NOT INTERESTED in this problem due to cost, their fix is for the customer to have an additional alarm and immobilizer fitted at a cost of £280. It needs the Insurance giants to refuse cover on the cars that will effect on the BMW badge and numbers being sold

Member
Argus says:
13 July 2012

I wouldn’t go back to advocating the old method. I had an escort a few years ago and it was stolen by
a) hammering a screwdriver into the lock to open it
b) digging the ignition mechanism out of the steering column and then starting it with a biro (it’s a hexagonal shape)
c) kicking off the steering lock

Wherever you have an expensive consumable good just sitting in the street, there will always be thieves. Personally I drive a BMW and am a bit worried about this, but there’s always the point that the dealer will always know how to code an operate this mechanism. All it takes is 1 easily led employee and they’ll have a field day.

Perhaps it’s time to give each customer a personal code assigned to their keys that isn’t part of a BMW database. Then if there is a problem with ignition/starting/security that needs to be fixed in the garage, the customer can furnish the dealer with it to do the work.

It would also protect from thefts as the dealer arranged key will not have the unique code. But then with any computer system, it can always be hacked

Member
dc says:
13 July 2012

I’m led to believe the problem with bm’s is that the alarm doesn’t go off, as the area the plug-in socket is in isn’t covered, i.e. its an alarm black spot, so the window can be cut/forced/broken and then access to the ecu socket is clear.
As the alarm doesn’t go off the thieving s***’s then get the time needed to re-programme the key.
If the interior alarm went off maybe things would be different.

Profile photo of wavechange
Member

Hmm. Let us hope that no-one with criminal tendencies is reading Which? Conversation. 🙂

Profile photo of Patrick Taylor
Member

Yet again, as with the run-flat, BMW lead the way. : (

I am always amazed that so little thought is invested on how systems can be defeated BEFORE they are launched into the market place.

Member
Peter says:
14 July 2012

I had a 2006 BMW 330D M Sport. Thieves broke into the boot and stole my laptop and some other irreplaceable stuff. The Scene of Crimes Officer told me that this would have taken them about 4 seconds with a screwdriver and a hammer. They simply hammerered through the bootlock with the screwdriver and then using the screwdriver they turned the lock mechanism and opened the boot. Gone in 10 seconds. I wrote to BMW about this but it was like pulling hen’s teeth. They just did not want to know.

Member
Magoo says:
19 August 2012

Having worked in a BMW dealership myself I wouldn’t be at all surprised if they hadn’t pushed it back to your nearest or regular dealer Peter and told them to “find a solution”. I got sick to death of hearing that old chestnut, time and again, when I contacted the customer support department and requested assistance.

Profile photo of dubious
Member

I agree with ‘Argus’ & ‘dieseltayl’ on the points they make.
Wouldn’t it be wonderful, if when the car was interfered with & the alarm activated, the body would immediately be electrically charged boosted via the high voltage ignition system……….!!!

Profile photo of psj
Member

My BMW X6 was stolen a couple of days ago. This was during a busy lunchtime, from an open air supermarket car park operating an entry/exit ANPR system and in central Solihull which itself is covered with CCTV. I have all the keys and there were no signs of a break-in at the scene. In fact my wife spent most of her time convincing the authorities that she had parked there!

In talking with the police, it is clear that the thieves have become so brazen that they are simply taking BMWs, at will, using OBD access methods. I have not spoken with BMW as yet – but from reviewing the threads on various forums see little value in doing this.

I do hope your focus on this calls BMW to action.

Profile photo of psj
Member

After two and half years we have an outcome for this story. The initial reaction of the police and the store in question was most unhelpful. It was subsequently discovered that the ANPR at the store wasn’t operational but they were reluctant to share this information.

http://www.birminghammail.co.uk/news/midlands-news/walsall-brothers-sold-stolen-car-8615208

Member
M3SD says:
16 July 2012

My 2009 M3 Convertible was stolen a few weeks ago in Birmingham on a Sunday afternoon in broad daylight. I was lucky that my vehicle was recovered a few hours later….nevertheless I was shocked to discover how quickly, easily and how many vehicles with supposedly “Thatcham 1 Security” were being stolen – all thanks to the weaknesses and flaws in BMW’s security system..

BMW are aware of the problem but don’t seem to have a solution. Hopefully more media attention will start to shift their priorities.

BMW owners take note and take some basic steps to protect your property.

Profile photo of pauliboo
Member

Why don’t they make the OBD port less accessible?
Put it under the boot floor or in the glovebox or armrest – at least then the alarm will be activated?

Member
EasySolution says:
14 September 2012

It should be an easy software change on BMWs to disable the key programming functions until the car is unlocked with the alarm turned off. Then it would be impossible to program a blank key without first gaining legitimate access to the car. This assumes that the alarm will go off when a window is broken and a thief attempts to unlock the doors using the buttons inside the car, I’ve never tried, but I would hope that the unlock buttons are also disabled when the car is locked from outside with the alarm on ?

Member
Delboy1602 says:
5 April 2014

One simple solution no power to the OBD when the fob is taking out of the car fool proof. If you have no power you cannot reprogram but be aware if you loss you fob and do not have the spare you are in dire straits

Member
George Hynes says:
17 September 2012

You may wish to read this article to further make up your mind:

http://www.balitapinoy.net/journal/802147/BMW_Anger_Owners_At_Blase_Response_To_Easy_Car_Thefts

Member
Paul Kelly says:
11 October 2012

Very good article, I have already contacted my local dealer, and the response as usual was very negative, and no fix available and no re calling of vehicles, so I have done the only thing left and to walk away from BMW and take my custom else where, and if more people done this they would look at the problem if sales dropped off. I am afraid BMW back up now is very poor especially design failures(E90 steering coloum) but very lucrative for BMW to replace at customers expense.

Member
Charles Keisner says:
23 November 2012

In Jan 2012 I bought from BMW Dick Lovett a BMW X6 , one year old with 10,000 miles , in April the car was stolen from outside my home, some weeks later the police found the car in a container at Southampton docks and impounded it for forensic tests which took a total of 3 months , at the end of July the car was released and delivered to BMW Holland Park , due to the amount of work ( 55 hours labour) that was required my insurers decided to have the works carried out by BMW Heathrow although prior to having it moved the new updated security patch was installed on the 31st August. I finally got my car back in showroom condition three weeks ago and believe it or not the car was stolen last night from exactly the same spot as before. I have just spoken to Mr Sukh Bhamra customer service manager at BMW who has told me that the new security patch was to give their clients “peace of mind” and that I should contact my insurers as their is nothing BMW can or will do……what a joke!
It is quite frankly outrageous that BMW are turning their backs on customers and refusing to admit that their is a serious security fault with their top of the range models.

Member
Magoo says:
24 November 2012

I fully sympathise with you with this Charles.
As I have posted earlier (above) I used to be a service manager in a BMW dealer and, amongst other things, I got sick to the back teeth of not being fully supported by various BMW departments in head-office and having issues pushed back into my court with the instruction “find a solution”.
On the other hand, when it came to reviewing the monthly customer satisfaction index all hell was let loose by my area manager if results were not as they would like them. It was a travesty and a no win situation to be in.

Member
Mrs e. madden says:
10 January 2013

Our BMW x5 was stolen from our drive last week, Wednesday/Thursday night. We have both sets of keys . The police attended and advised us that a “scanner” had been developed by thieves to enter and start BMW s without the keys. The police said highly unlikely it would be recovered, and due to lack of forensics etc they would not be actively pursuing the matter.
We are so shocked and angry. Our car was in our local dealer Sytner of Harold Wood, twice in the last three months once for a pre winter check up , and body work. Why didn’t Sytner warn us, or offer the security upgrade they are supposedly offering on the free phone no. We didn’t know about about the problem,not being readers of motoring magazines or websites before this. Why should we??
We feel that BMW had a moral obligation to advise its clients/customers of any possibility of problems with any aspects of safety or security. What if it had been a possible brake failure??they would have done something about that surely.

Member
Paul Kelly says:
11 January 2013

BMW after service is extremely poor i asked the question about the security system and their response is very negative. It needs all insurance companies to refuse insurance on any BMW cars and when sales drop off BMW will do something about it, until then people should just walk away from BMW.

Member

Hi

Thieves attempted to steal my 2007 BMW 530d off my drive. I heard a noise came downstairs and found a guy leaning into the smashed window of my drivers door. He was attempting to access the OBD port.

My car had the security update a few months ago. I was puzzled as the alarm didn’t go off while the guy was inside my car. It turns out that there is a black spot in the ultrasonic senor on the car that does not cover the drivers column and the area covering the OBD port. BMW know about this issue but have not offered a resolution or anything constructive. BMW could stop all these thefts if they provided an upgrade to the ultrasonic sensor that covered the whole of the cars interior, then the alarm would go off then the window is smashed and the thieve leans in to try and access the OBD port, then over time the thieves will know they can’t attempt to access BMW’s without detection.

Member
Ahmed says:
21 December 2013

My 5 series was stolen overnight. I only bought it that evening and woke up to find it gone.
This happened yesterday!
I’m so gutted. BMW should do a recall just like how Toyota recalled their cars when they had a fault.
I will never buy another BMW.

Profile photo of Patrick Taylor
Member

From EETimes
How Hackers Can Take Control Over Your Car
Junko Yoshida
7/8/2013

” CAN bus is the crux of the issue?
While noting that the CAN bus is a “good, fault tolerant network” inside a car, NXP’s Besenbruch acknowledged that there are a number of ways hackers can worm their way into the internal network and get to the Electronic Control Unit (ECU).

The flexibility of the CAN bus has created a safe and cost-effective network enabling vendors to attach a number of computer control systems (ranging from the window controllers to the locks and critical safety elements such as brakes and engine). But that flexibility also creates the opportunity for new attacks — including one in which a car’s internal network can circumvent all computer control systems including mission-critical functions. Besenbruch acknowledged that it’s entirely feasible for someone to remotely turn the car-audio volume ALL THE WAY UP, for example, or worse, stop or start the engine at will. ”

Like many advances the Vendors are interested in cheapness not security so beware with new technologies. Bear this in mind with modern payment methods and cards as replacements for cheques and cash. Many people interested in making money from the concepts but ultimately they all rely on safe computers and electricity. Back up systems are not stupid and perhaps BMW should have considered a mechanical back-up.

Member
Tom Hartley says:
25 May 2014

Hi folks, I’m new here and just thinking about buying a new BMW X5 for delivery in Sep 2014. Before I go any further can anyone tell me if BMW have fixed their security issues? Thanks.

Member
Derek says:
26 May 2014

No. And the so called new patch has been hacked

Member
Tom Hartley says:
26 May 2014

Great!!! thanks for that. The BMW salesman is telling me that it’s all been fixed. Don’t know what to do now, surely other manufacturers have similar problems? they all use CAN bus protocol for the OBD port.

Member
Abdul says:
26 October 2014

Hi
I cannot believe what I have just read above, my 330d 2006 msport , fully specced,has just been stolen overnight. I was confused as I have both set of fobs and the valet key.i checked the area for glass, that was all clear.
My only thought was maybe somebody entered my property somehow and opened the doors with the fob and left them back so I don’t get suspicion.
It was only when the officer explained , there’s some devices out in the market that can open these high value cars so easily and reading above has given me a clear picture of what is happening.
I am applauded with the security of this cars and now knowingly will never invest in a BMW until certain the issue is solved.

Member
Derek says:
26 October 2014

about the OBD socket. This is the method in how to clone you fob key if you lose you fob BMW plug a gadget in to clone the fob codes then copy to a new fob. The problem is the OBD Is alive even when the fob is taken out of the ignition socket that with a poor alarm system that does not cover the area where the OBD socket is situated well it spells trouble and has for hundreds if not thousands of BMW owners and this is not on. I told BMW this in 2009 when I bought my x5 there was a security problem may as well talked to a brick wall. And yes they did put a security patch to cover theOBD seen around it in 25 minutes to crack. The OBD needs to be moved say under the bonnet or kill the electric supply to the OBD so if the thief breaks window and plugs his/her gadget in to clone the fob codes it will not work as you need electric for this process to complete BMW after sale is a disgrace 4 years this has been going on and no answers yet well I have just giving you one BMW!

Profile photo of Patrick Taylor
Member

http://www.darkreading.com/mobile/bmws-software-security-patch-a-sign-of-things-to-come/d/d-id/1318933?

Comment on BMW currently doing security upgrades over the air and the possible problems.

My own view is as we know pretty much everything is hackable or compromised the idea that broadcasting changes through the ether seems even stupider as it could affect tens of thousands at once.

Also if there is a foul-up – and we all know of upgrades put out by the likes of Microsoft and Apple -. that have unintended side effects at some future date there may be a hack/error that will immobilise thousands of cars.

If this sounds a tad Luddite I would point out that BMW are doing this because it potentially saves them tens of millions in not having to call back cars to a garage [BMW pay the garage] to sort out software deficiencies.

Security, as in preventing cars being stolen or turned into lumps of metal with inoperative parts, is hugely important. I always believe in having very good security preferably a physical and a software lock, and always if changes are made to them being gradually rolled out to avoid things being “bricked”. Given we are talking software probably the “bricked” remains a correct description of no longer functioning software dependent appliances.

Member
DKU Performance says:
25 March 2015

Being a garage in the Midlands we’ll be sharing this article on our Facebook page to help raise awareness!

Member

My 2006 bmw 550i m sport was stolen like this wednesday morning. A neighbour saw it speeding through a red-light at 4.30 am.

[This comment has been tweaked for breaking our commenting guidelines. Thanks, Patrick.]