Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security Transportation Wireless Networking News Technology IT

Hackers Steal Keyless BMW In Under 3 Minutes 486

Posted by timothy from the and-wait-for-the-upgrade dept.
An anonymous reader writes with this bit from ZDNet: "It's cool to have a keyless BMW, until you no longer have a keyless BMW. Hackers have figured out how to break into such cars with ease. BMW has acknowledged there is a problem, but is not doing enough to protect its customers (video)."
This discussion has been archived. No new comments can be posted.

Hackers Steal Keyless BMW In Under 3 Minutes More

Hackers Steal Keyless BMW In Under 3 Minutes

Comments Filter:

  • "stealing" (Score:5, Funny)

    by For a Free Internet ( 1594621 ) on Tuesday July 10, 2012 @12:22PM (#40604117)

    It is not "stealing" unless you are a slave to the notion of "property." In the future, everything will belong to me, so this won't be a problem any more. Hi Laura!

  • Nice to know... (Score:5, Funny)

    by gadget junkie ( 618542 ) <gbponz@libero.it> on Tuesday July 10, 2012 @12:22PM (#40604131) Journal
    that my "old" BMW 3 series has a complicated security mechanism: to open it, you must have access to the ignition lock.

    • Re: (Score:3)

      by slew ( 2918 )

      that my "old" BMW 3 series has a complicated security mechanism: to open it, you must have access to the door key .

      FTFY

      Otherwize it might be hard to get back in if you lock the doors if you had to get access to the ignition lock ...

      Of course on most older cars the door lock and the ignition lock are keyed the same for convenience of carrying one key. The ignition lock on many modern cars are electronic/RF "keyed" and the mechanical part of the composite ignition key (if there is one) is sometimes just for the door or maybe just the glove-compartment/petrol cap since onn higher end cars, the doors can often only be ele

      • Re:Nice to know... (Score:5, Funny)

        by snspdaarf ( 1314399 ) on Tuesday July 10, 2012 @02:16PM (#40605849)

        that my "old" BMW 3 series has a complicated security mechanism: to open it, you must have access to the door key .

        FTFY

        Otherwize it might be hard to get back in if you lock the doors if you had to get access to the ignition lock ...

        Of course on most older cars the door lock and the ignition lock are keyed the same for convenience of carrying one key.

        No, no, no. He owns a convertible.

  • Whats the difference... (Score:5, Funny)

    by Moheeheeko ( 1682914 ) on Tuesday July 10, 2012 @12:23PM (#40604135)
    ....between a BMW and a porcupine?

    On the porcupine, the pricks are on the outside.

    • Re:Whats the difference... (Score:5, Funny)

      by spire3661 ( 1038968 ) on Tuesday July 10, 2012 @12:28PM (#40604221) Journal
      85% of all BMW owners Ive met are assholes. Strangely this doesnt apply to Mercedes owners.

      • Re: (Score:3)

        by TWX ( 665546 )
        They're only about 65% in my experience...

      • Re:Whats the difference... (Score:4, Insightful)

        by Dahamma ( 304068 ) on Tuesday July 10, 2012 @12:44PM (#40604469)

        It's amazing how many BMW owners are assholes on the road ("I need to win the commute!") And some Mercedes owners seem to act like they own the road ("why is everyone in my way today?"). But neither scares me as much as Lexus soccer moms ("wait, did I drop my Luna bar under the passenger seat again? Oh, there it is! Hoooonnk screeeech!")

        Overall I'd much rather be driving next to someone who cuts you off on purpose than one who didn't even realize they were doing it ;)

        • Re: (Score:3, Insightful)

          by Grishnakh ( 216268 )

          Yep, at least the person who cuts you off on purpose is actually watching the road and aware of their surroundings. They may be acting in an unsafe manner, but it's still a lot better than someone whose attention is elsewhere; the aggressive drivers who cut you off rarely actually hit you, because they're just being rude, but usually know their car's dimensions pretty well to pull off the maneuver without incident. I'm not saying it's great, but it's preferable to someone who's looking under their seat, a

          • Yep, at least the person who cuts you off on purpose is actually watching the road and aware of their surroundings.

            You ignore the ones who expect you to brake to avoid them from hitting you as they enter your lane.

        • Re:Whats the difference... (Score:4, Interesting)

          by SJHillman ( 1966756 ) on Tuesday July 10, 2012 @12:50PM (#40604567)

          I was stopped at a traffic light during my morning commute when I watched a woman in the lane next to me slowly roll into the Lexus in front of her, then back off. The Lexus (male driver) then reversed and gently bumped into her. I can only hope they at least knew each other, but even then I wouldn't be playing gentle bumper cars given how touchy some airbag sensors can be.

        • Re: (Score:3)

          by mcgrew ( 92797 ) *

          Overall I'd much rather be driving next to someone who cuts you off on purpose than one who didn't even realize they were doing it

          Not me, a BMW won't do as much damage as a Lexus. But my observation is the twentysomethings who have one of those giant four seater pickup trucks with what looks like thirty inch wheels are the worst. They drive stupid AND are assholes. But I guess being born into money might give one a sense of entitlement, which probably explains the BMW and Ford assholes. They really do thin

      • Re:Whats the difference... (Score:5, Funny)

        by SJHillman ( 1966756 ) on Tuesday July 10, 2012 @12:44PM (#40604473)

        Around here, it's mostly Lexus and Prius owners that are total dicks. BMW owners are a mixed bag depending which suburb you're in. Newer Buick owners tend to just be horrible drivers, but that may be because they remember when flint was discovered.

        • What's funny with the Buicks is that they've been on a campaign for a while to attract younger drivers. Of course, it really hasn't worked out that well.

          • Re: (Score:2, Funny)

            by Anonymous Coward

            That's because there seems to be some kind of Strategic Crown Victoria and Cutlass Ciera Reserve from which old people obtain their vehicles, at least in my area.

        • Totally agree with the Lexus drivers thing - they're the ones who irk me the most. They seem to believe they're better than everyone else and that they own the road, and that you're damn lucky they reluctantly share it with you. I've also noticed however that the new crop of SUV driving soccer moms are getting really bad too, which honestly surprised me. We typically think of males as more aggressive, but behind the wheel of a big vehicle, I guess some women get a testosterone boost -they can be right pri

        • Re: (Score:3, Interesting)

          by StatureOfLiberty ( 1333335 )

          Got to know. Was that pun intentional? "Newer Buick owners ... because they remember when flint was discovered"

          flint (the rock)?
          or Flint, Michigan - Buick City Complex.

          Loved it - intentional or not.

        • Re:Whats the difference... (Score:5, Interesting)

          by sdguero ( 1112795 ) on Tuesday July 10, 2012 @02:04PM (#40605707)
          You gotta love the Prius drivers cruising along at 68 MPH in the fast lane during rush hour with their eyes glued on the MPG meter. Unbelievably annoying. They are the new Volvo (but for MPG instead of safety). Meanwhile people are risking lives to get around them by swerving into the slow lanes and get back up to 75-80 MPH.

      • 85% of all BMW owners Ive met are assholes. Strangely this doesnt apply to Mercedes owners.

        Judging by their average behavior on the road, 95% of Mercedes owners are assholes. I drive one, and that's probably an anecdote in favor of my argument, although I'm a give-what-you-get driver and if someone doesn't treat me like a dick I'm extremely considerate on the road, so I like to think I'm the exception. This assholishness reaches its Northern Californian peak somewhere around Marin, on the 101. BMW drivers are at least usually in a hurry, and thus you don't get stuck behind them as often as the Me

      • Re:Whats the difference... (Score:4, Interesting)

        by Bigby ( 659157 ) on Tuesday July 10, 2012 @12:51PM (#40604583)

        BMW has an entry-level model that allows people who can't actually afford their cars to get their cars. This is not the case with Mercedes. Those people can generally afford their cars. People who try to spend their way into luxury and debt at the same time tend to be the a$$holes you speak of. Those that actually earned their money to buy such a car are not so much.

        • BMW has an entry-level model that allows people who can't actually afford their cars to get their cars. This is not the case with Mercedes.

          Not true. Mercedes also has a lower end model [edmunds.com]that is comparable with other new sedans. Heck, there are pickup trucks that cost more than this one.

          With that said, I don't disagree totally with the point you're making. I think way too often, the attitude of the folks driving these cars has more to do with how they want to be perceived (i.e. powerful, wealthy, stylish, etc) than anything else.

          • Re:Whats the difference... (Score:4, Interesting)

            by tompaulco ( 629533 ) on Tuesday July 10, 2012 @01:42PM (#40605385) Homepage Journal
            Mercedes also has a lower end model [edmunds.com]that is comparable with other new sedans
            If $35k is comparable with other new sedans, I guess I won't be buying a new sedan ever again. Interesting how median household income has increased by about 70% in 20 years, while the price of an average new car has increased by over 130%.
            heck, there are pickup trucks that cost more than this one.
            Well, that is because pickup trucks are luxury items now. I feel really bad for farmers, because they used to be able to just go buy a pickup truck and it would be cheap, rugged, and last forever. Now they have to drop $40k to get a serviceable truck. No wonder the farmers can't earn a living. 20 years ago, a Ford F-150 could be bought brand new for $10k. Now it costs on average about $35k and can cost as much as $52k for a well equipped one.That is a five fold increase in cost while salaries have not even doubled.

        • Now, I have some experience with this having recently test drove all of these -- I bought a 328, so I guess I'm part of the problem :) *

          A Mercedes C-class (like a 250) can actually be leased about $50 cheaper than the equivalent BMW (a base 328), and this is actually cheaper than an Audi A4 presently. This is probably just a local and temporary phenomenon, but they've been pushing these.

          *(I work in Hollywood and own Apple gear too, you can save your abuse. On the Slashdot moral continuum I'm somewhere bet

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Funny thing is that in Europe it's the Audi drivers (personal experience only).

        • Yep. The "asshole BMW owner" demographic all started buying Audis about a decade ago. BMW is slowly becoming OK again.

      • Re:Whats the difference... (Score:5, Insightful)

        by deadweight ( 681827 ) on Tuesday July 10, 2012 @01:08PM (#40604883)
        As a BMW owner, I can say that it seems 85% of the people who come near me turn into assholes when they see the blue-and-white symbol. Do you REALLY need to play boy racer in your Camaro and pass me on the right, drop back, pass me on the left, get ahead of me, and slam on the brakes when I have 3 little kids and a freaking DOG in the car? Do I look like I want to race you? Do you need to make dumb-ass global warming comments when my car gets better MPG than yours? Do you really need to carry on about the 1%ers ruining everything when my car has 200,000 miles on it?

    • Re: (Score:2)

      by cvtan ( 752695 )
      First of all, this traditionally is a Porsche joke. Secondly, my BMW is 40 years old and still runs, so negative comments do not apply.

      http://www.cardomain.com/ride/230140/1972-bmw-2002 [cardomain.com]

  • audi (Score:2, Funny)

    by Anonymous Coward

    that's why i drive an audi.

  • They're on the hook to replace these cars....and I'd be making damn sure my customers didn't buy another BMW they'd have to pay out on again.

  • Club (Score:5, Funny)

    by magarity ( 164372 ) on Tuesday July 10, 2012 @12:25PM (#40604163)

    Sounds like BMW owners are going to make a run on Pep Boys to get "the club".

    • Re:Club (Score:5, Informative)

      by avandesande ( 143899 ) on Tuesday July 10, 2012 @12:45PM (#40604485) Journal

      Steering wheels are a thin steel hoop enclosed in foam you can hacksaw through them in less than a minute.

      • That's not the point, same way as house locks and the Kensington lock on a laptop doesn't offer any real security. If somebody wants *your* car/house/laptop, you need much substantially stronger security to keep them out. But most thefts are crimes of opportunity, and it is sufficient to make it more of a hassle than something else, whether it's another theft or walking home instead of stealing a ride and driving. Steering-wheel locks and Kensington locks have a secondary purpose, which is to force the thie

        • Opportunists aren't going to be hacking into a BMW either, which is what the article is about. I would agree that a club has some preventive value....

    • Speaking of Backfires (Score:5, Interesting)

      by bill_mcgonigle ( 4333 ) * on Tuesday July 10, 2012 @01:40PM (#40605351) Homepage Journal


      Sounds like BMW owners are going to make a run on Pep Boys to get "the club".

      What Car Theives Think of the Club [freakonomics.com]

      At some point, the Club was mentioned. The professional thieves laughed and exchanged knowing glances. What we knew was that the?Club is a hardened steel device that attaches to the steering wheel and the brake pedal to prevent steering and/or braking. What we found out was that a pro thief would carry a short piece of a hacksaw blade to cut through the plastic steering wheel in a couple seconds. They were then able to release The Club and use it to apply a huge amount of torque to the steering wheel and break the lock on the steering column (which most cars were already equipped with). The pro thieves actually sought out cars with The Club on them because they didnâ(TM)t want to carry a long pry bar that was too hard to conceal.

    • Re:Club (Score:4, Informative)

      by Translation Error ( 1176675 ) on Tuesday July 10, 2012 @01:43PM (#40605401)
      Actually, The Club may not be very useful against professional thieves. From Jim Burns, a former Chrysler engineer (source [freakonomics.com]):

      At some point, the Club was mentioned. The professional thieves laughed and exchanged knowing glances. What we knew was that the Club is a hardened steel device that attaches to the steering wheel and the brake pedal to prevent steering and/or braking. What we found out was that a pro thief would carry a short piece of a hacksaw blade to cut through the plastic steering wheel in a couple seconds. They were then able to release The Club and use it to apply a huge amount of torque to the steering wheel and break the lock on the steering column (which most cars were already equipped with). The pro thieves actually sought out cars with The Club on them because they didn't want to carry a long pry bar that was too hard to conceal.

  • That's an improvement over traditional locks, which can be defeated in 60 seconds, at least according to Driver's Ed class, and of course, the movie.

    • Re: (Score:2)

      by TheCarp ( 96830 )

      I believe it. Having broken into my own car, and friends cars, it took me a lot longer, but ive seen an experienced person open a car door with a slim jim (not recomended on newer cars with air bags in the door)...its fast. (I have also seen them fumble and nearly fail....)

      Hell a friend of mine that used to steal cars when he was younger locked himself out of his... and I had to help him break into it, with hardly any tools in sight. Took us nearly an hour and, in the end, we used a long stick (yes stick, l

      • My 22 year old Cadillac has a telemetry key they costs $US80 to copy.

        I'm sure 20 years ago professional car thieves could steel it (I think they brought a new lock, key and matching engine computer). Now the pros won't touch it. Amateurs never could get them.

        As the convertible top costs $US1000 I leave the doors unlocked at all times and never leave anything worth steeling in it.

    • Locks on Cars, Homes... Are not the end all be all in Securing your property. They are there to keep the "honest, honest".
      You are parked in a parking lot. you have your doors unlocked. Someone who is not really planning a crime, sees your car, attracted to it. Lifts up the handle and gets in. They can take the radio, or whatever, not a big deal. If the door is locked. They don't have the tools to get in without being noticed so they go back to their life.

      I had my car broken into. They wanted my (10 year o

  • Not quite as bad as the Summary seems (Score:5, Informative)

    by DigitalSorceress ( 156609 ) on Tuesday July 10, 2012 @12:27PM (#40604211)

    I own a MINI with a keyless entry system ... MINI is made by BMW these days, so I was a bit concerned.

    My first vision was "Yikes - someone either grabs my signal out of the air or else they have some 'rainbow box' that tries a bunch of freqs/combos really fast so they can essentially walk up to my car, get in, and go."

    Turns out they have to break your window and connect to your OBD port... This sucks, but to my mind, it's not a whole lot of difference between that and breaking the window then hot-wiring the car. ... If they could just walk up and get in and drive away as if they had the valid key, I'd be a lot more concerned. ... checks insurance policy ... at least I've got theft insurance.

    • On the older 3 series (E46) the driver's door lock was super easy to pick because of sloppy tolerances (apparently about 700EUR will buy you the tools you need to do it in a few seconds). Picking the lock is, of course, a lot more subtle than breaking a window... and will typically disarm the alarm too.

    • You're paying extra for a security system that's supposed to be better than hot-wiring a car, so I don't understand why you're not concerned.

      • You're paying extra for a security system that's supposed to be better than hot-wiring a car

        I could have sworn you were just paying extra for a name.

    • This sucks, but to my mind, it's not a whole lot of difference between that and breaking the window then hot-wiring the car.

      The ECU/ECM controls all engine functions. If it doesn't give the go ahead, your car won't run, no matter how many wires are cut apart or spliced together.

      You don't hotwire modern cars.

      • This sucks, but to my mind, it's not a whole lot of difference between that and breaking the window then hot-wiring the car.

        The ECU/ECM controls all engine functions. If it doesn't give the go ahead, your car won't run, no matter how many wires are cut apart or spliced together.

        You don't hotwire modern cars.

        You swap car computer and drive off.

    • Turns out they have to break your window and connect to your OBD port... This sucks, but to my mind, it's not a whole lot of difference between that and breaking the window then hot-wiring the car. ...

      True and, in the real world, a lot can happen in three minutes.

    • Re: (Score:2)

      by Idbar ( 1034346 )
      I checked the video. Am I confused? But they took about 2 minutes to open the freaking car, then they push it out of the driveway. Probably the same time it takes to do that with any other car. So afterwards, they do a bunch of stuff, and they get the car going? Just like... wait... any other stolen car?

      I'm not a BMW fan, but this doesn't sound like news. What really pisses me off is that I no different, I drive a Toyota and they charged me $500 for a replacement key, that certainly doesn't seem to add mu

    • Re:Not quite as bad as the Summary seems (Score:4, Insightful)

      by NJRoadfan ( 1254248 ) on Tuesday July 10, 2012 @02:07PM (#40605749)
      ...and even if you have theft insurance, be prepared to fight. Some insurers have this bright idea that since you car has an immobilizer security system that its impossible to steal. They apparently hasn't heard of the low tech method of using flat bed tow trucks to take cars off of the street. Most high end cars are stolen around here using a flat bed. Once they have the car, they then crack the immobilizer system at their convenience, re-key/re-code the car, and ship them off to Eastern Europe or South America.

  • How is stealing a keyless car possible unless they don't bother to spend a few bucks on implementing a good friend-or-foe system? (Which would be much cheaper then what they charge for an electronic "key")

  • whose ignitions locks were all pretty much the same key. Want someone else's bike? Use your own key and ride away!

  • Typical geeks... (Score:5, Insightful)

    by gatfirls ( 1315141 ) on Tuesday July 10, 2012 @12:38PM (#40604373)
    Got the whole OBD hacking figured out but sticking a peice of tape on a camera is a mechanical feat out of their reach.

    • Got the whole OBD hacking figured out but sticking a peice of tape on a camera is a mechanical feat out of their reach.

      Well, they'd have to get up on a ladder and heights make their noses bleed!

    • Strange since they touched or blocked each camera at least once. They obviously knew they were there. Which makes me think they might have wanted the owner to know and see what they were doing. Either that or the cameras had some kind of auto-alarm if the signal blacks out for more than a few seconds. /$0.02

  • Problem and Solution (Score:3)

    by BronsCon ( 927697 ) <social@bronstrup.com> on Tuesday July 10, 2012 @12:43PM (#40604449) Journal

    Problem: The OBD-II port, which, by mandate in most countries where it is required, may not have any access controls applied to it, is being used for non-diagnostic purposes

    Solution: Use a separate port with some actual securty measures for any functions you aren't legally required to expose via OBD-II

    Damn, it took me all of 2 seconds to figure that one out, and I'm not a security expert.

    • That would require the automakers to have a new tool provisioned, and all the dealers to buy the tool. The tools usually cost the dealers several thousand dollars, because the automakers lack the talent to make their own tool. Or they could just have some decent security before you are allowed to issue any commands you're not required to support by the standard, which would only require a software update to the existing scan tool, which they would distribute to dealers via the internet.

      • Then they should do this? You go ahead and tear down my solution and say "but this would work much better", but that doesn't disprove my argument, they could and should be doing *something*.

        • that doesn't disprove my argument, they could and should be doing *something*.

          I wasn't trying to disprove your argument, I was explaining to you one reason why they wouldn't want or need to add another port. It's also just something else to break, it has to be located somewhere and they're already having to locate the OBD-II port, etc etc.

          • It's funny, though, that my 2000 Corolla has a separate diagnostics port, for functions not required to be accessible via OBD-II. It can't have cost *that* much if my $15k car included it; it's not too much to ask on a car going for $80+K.

    • Re: (Score:3)

      by gmarsh ( 839707 )

      Actually, the OBD-II specification mandates that you provide a certain set of PIDs without any access restrictions.

      As long as that functionality is there, you can do whatever else you want with the port - including locked down, proprietary things. Pretty much car manufacturer out there does this.

    • Don't know if its the case with BMWs, but I know VW Group cars (Audi, VW, SEAT, Skoda, etc.) require a dealer computer that contacts VW corporate in order to re-code cars to new keys. The OBD ports in those cars also don't work unless the car is in the "on" position.

  • The basic design flaw: key recovery... (Score:5, Informative)

    by nweaver ( 113078 ) on Tuesday July 10, 2012 @12:51PM (#40604595) Homepage

    The basic design flaw is how key duplication/recovery is handled.

    On my motorcycle (a Concours 14 with keyless ignition), to program a new key you need an existing key. The disadvantage is, naturally, if you lose all your keys, you need to replace the computer!

    But its better than the alternative. On the BMW, all you need to do is plug into the OOBDII port and tell the computer "Here is the new key". This means if you lose all your keys, you don't have to buy a new computer... But it also means that anyone who can break into the car can create a key and drive off.

  • Looking at this with a very wrong scale in mind (Score:5, Interesting)

    by Prikolist ( 1260608 ) on Tuesday July 10, 2012 @01:00PM (#40604771)
    A few years there was a great story in Wired about breaking locks. In summary, even the world's most secure locks are not meant to survive more than 10-15 minutes. And it tells the story of a few experts that broke down one of these locks in under a minute. 3 minutes on a car lock? Either the hackers haven't figured out the best way to break in yet or the security is actually amazing. Wired story [wired.com]
  • Of course BMW is using a special security system that is not used by anyone else. Right.
  • I'm not an engineer, nor do I play one on TV, so I'm curious - how does an ultra sonic senor have a blind spot?

Slashdot Top Deals

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Close