stolen1m

Hi All. Here's the CCTV footage of my BMW 1M stolen without any keys in 3 minutes!
I know this isn't a BMW forum, but this is interesting for anyone with a high end car attractive to thieves or indeed anyone with this type of key.

This is my £43,000 BMW 1M Stolen at 3 am in under 3 minutes. They accessed the car's OBD port in the footwell by breaking the glass, reaching in and using a device to reprogram a blank key fob. The car was simply then unlocked and pushed off the drive and driven away. No Alarm went off, and later found out there is a 'void' on the inside of the car, so if you keep your arm close to the inside of the door and the dash, the alarm will not activate. Just enough room to get your arm down to the OBD port where you can re-program a blank key if you have the correct device (which you can buy in the internet!)

BMW don't seem to want to admit they have a problem on their cars. It affects all BMW’s with the electronic fob from 2006-2011. They are still producing cars with the OBD port located in the footwell in the same location, and I assume the same problem with the alarm. Over 300 cars were stolen in March 2012 in the West Midlands alone and apparently the Police told me in one night £250,000 worth of cars were stolen in the region.

So really just to warn you all of the issue and let you know about the new way cars are being stolen (specifically those people who own cars with reprogrammable keys) Oh and don’t buy a BMW because they haven’t fixed the problem with their new cars! Enjoy.

natman316

that is scary but i dont understand the void part. how did breaking the glass in the first place not trigger the alarm?

from what i understand the car had to be broken in before the key fob can be reprogramed.


sorry to hear this happened to you and thank you for sharing. what happened to the car and the thieves?

stolen1m

id love to know...i assume there is no smash sensor in the glass? thats the issue! The void runs along the door card so if you keep your hand/arm close to the door it doesn't trigger the alarm!

Have no idea about the car, probably in Japan. As for the scum that stole it. Rotting somewhere I hope.

bhamg

IIRC Mercs are not programmed and mated with keys until they are landed in NA. That would seem to make them similarly vulnerable to theft via the OBD connector.

Djovovic63

I can get this type of thing and drive away any BMW thats is up to 2011 including 2011s. It only costs 12.000€.

I think its absurd that someone can pay 12.000 and basically steal any Bmw he would like. Bmw, Mercedes and similar companies should do much more in terms of their clients car antitheft safety

JonMBZ

I don't know much about BMWs but the keys in an MB have been very secure, dealers cannot even make keys. They need to be ordered from the factory to get a new key. I have seen people selling a device to make keys now as well for MB's they have found a way to extract the hash file and using a key generator they can program a new key you can purchase keys (software) individually for like $10 or the generator which I heard is 10-15k. Not really sure how difficult the procedure is, but I do believe they need to open the EIS, not as easy as the OBDII port. Also MB has upgraded the DAS (drive authorization system) and will be first shown in the new body SL, I don't know if they have upgraded the security, but I am sure they have noticed the issue and removed the security flaw.

Fung63

Thing is, that is a heck alot of BMWs stolen in a relatively small area. This must be quite an operation as even the logistics of moving such a massive amount of stolen inventory results in extremely high risk to be exposed. Not to mention the amount of people required to process this.

jvanbrecht

There is a simple solution to this.. there is no reason for the OBD port to be powered when the ignition is off. Currently all cars have the port powered since that is what the specification calls for.

As for who is vulnerable, any vehicle that has individually coded keys that get programmed via the ECU would be vulnerable. How each manufacturer implements the coding process is what differs. The fact that BMW permits the coding to be performed with the ignition turned off is a vulnerability, not to mention the blind spot in the alarm system. Most companies no longer use shock sensors in the vehicle simply due to the number of false alarms that go off in major cities.. you may not know or realize it, but everytime you park in a congested area, odds are someone taps your front and rear bumper when they park.. people walk into your car (really.. people are stupid.. but it does happen). Configure the sensitivity too low, the alarm does not go off, too high, false alarms, it is really difficult to get them setup well, so they just dumped them.

I would be curious to know MB's response to this, as I am gathering that the key coding process is probably very similar to most other manufacturers.

They were not coding a new key, so there was no need to copy of generate any crypto keys or hashes, rather they took an existing key, and programmed the vehicle to recognize a new key (or a key from another BMW.. how hard is it to steal someone keys at a cafe or restaurant)

rage2

What if you've lost your last set of keys? How would you turn on ignition to reprogram a new set?

OCJeff

You wouldn't. Just give MB your VIN and they'll ship you new keys.

OlegKouz

Good thing I sold my M5!

jvanbrecht

And of course pay them.. which probably costs around $1000 to $1500 for a new set of keys.

I remember my old Camry with a smart key (2007), keys were around $800 each to replace... ouch

hyperion667

man, they look like rats swarming around that thing don't they??

sorry.....this continues and supports my idea of humanity heading no where fast

Guilty

I don't think so. Key for my car was $290 (keyless)

danlnyc

$800 :o on a Camry?? That sounds insane...I believe the MB one's are around 2-300

jvanbrecht

That was the number the dealer quoted me to replace the key that went for a swim in the washing machine..

Fortunately.. after completely disassembling the key, dropping all the parts in a big container of rice (acts like a silicon desiccant) for a few days, reassembling and a new battery.. it started to work again..

ZephyrAMG

If you have a Merc or a BMW, you should have/need a freekin garage...common, its not a civic...park that thing in a garage. And if are rolling around in one thinking you are living phat, without a garage, then a buy a shed and lock that thing...

jvanbrecht

I have a Garage.. it houses my bicycles, my wood working tools (table saw, router table, planer, thickness planer.. all large piece of heavy equipment).. and that is about all that I can fit in it..

I think I parked my car in it once.. heh

SLS Qatar

Man now that is scary and very strange

never expected a BMW to be stolen that easy

I hope those thieves get what they deserve

sbce90

Scary stuff. I remember reading about this on bimmerpost I think.

Djovovic63

I dont know the exact procedure but I did ask few questions like how is done. It was a mechanic that fixed my car that told me that. Scary stuff when you think about who is involved in this type of crime (mechanics, repair shops etc..) Anyways I was told you can also get set of 20 keys for extra few grand which makes things even easier. I forgot the exact details but I remember it was pretty easy. A 10 year old kid would be able to drive it away in less then 2 minutes. You knw that is just because BMW and such companies actually dont give a ****e about the security and they wont spend extra penny to make it right ( i am more then sure they could make it much harder for thieves to steal it)

jvanbrecht

The issue is not the keys.. The keys themselves are very secure (not impossible, with enough equipment, know how and money and key can be overcome).

The problem is the method used to create knew keys for the vehicles, and the software/equipment involved. My guess is that the code/software/hardware was stolen from a BMW dealer, or someone had access to the software to reverse engineer it.

This brings up another related but offtopic issue that those not in the US may not be aware off. There is currently a legal bill (the documents that go through various legal entities before coming law in the US) being pushed through many states, you can go see the details here www.righttorepair.org. The purpose of the bill is to force the dealers/manufacturers (which they are fighting tooth and nail) to provide at a reasonable cost, the same specialty tools and diagnostic equipment in use at the dealers to independent repair shops at a reasonable price ($100k for a laptop and software to read extended codes on a vehicle per manufacturer is way out of the affordable range to many shops). I agree with this bill, and look forward to it.

But at the same time, what the above bill will provide to pretty much anyone would be those same special tools and pieces of equipment that the manufacturers use to code keys to our vehicles. I can see an increase in this kind of theft significantly if this passes.. One of the major downsides to moving everyone from hardware to software.

otakki

Sounds like it's time for me to put "The Club" back on the steering wheel and the brake pedal.

bhamg

That is a loophole big enough to drive 10,000 AMG's through, because that's probably how many we'll see stolen within a couple of years. Imagine how many will pour over the Mexican border with no verification of ownership whatsoever necessary.

To the OP...thanks for posting and best of luck with your insurance settlement.

EkS

Hmmm...I've always wanted to test drive M series BMW. Thanks for the info!