Stolen to order - beware reprogrammable keys
#1
Stolen to order - beware reprogrammable keys
Hi All. Here's the CCTV footage of my BMW 1M stolen without any keys in 3 minutes!
I know this isn't a BMW forum, but this is interesting for anyone with a high end car attractive to thieves or indeed anyone with this type of key.
This is my £43,000 BMW 1M Stolen at 3 am in under 3 minutes. They accessed the car's OBD port in the footwell by breaking the glass, reaching in and using a device to reprogram a blank key fob. The car was simply then unlocked and pushed off the drive and driven away. No Alarm went off, and later found out there is a 'void' on the inside of the car, so if you keep your arm close to the inside of the door and the dash, the alarm will not activate. Just enough room to get your arm down to the OBD port where you can re-program a blank key if you have the correct device (which you can buy in the internet!)
BMW don't seem to want to admit they have a problem on their cars. It affects all BMW’s with the electronic fob from 2006-2011. They are still producing cars with the OBD port located in the footwell in the same location, and I assume the same problem with the alarm. Over 300 cars were stolen in March 2012 in the West Midlands alone and apparently the Police told me in one night £250,000 worth of cars were stolen in the region.
So really just to warn you all of the issue and let you know about the new way cars are being stolen (specifically those people who own cars with reprogrammable keys) Oh and don’t buy a BMW because they haven’t fixed the problem with their new cars! Enjoy.
I know this isn't a BMW forum, but this is interesting for anyone with a high end car attractive to thieves or indeed anyone with this type of key.
This is my £43,000 BMW 1M Stolen at 3 am in under 3 minutes. They accessed the car's OBD port in the footwell by breaking the glass, reaching in and using a device to reprogram a blank key fob. The car was simply then unlocked and pushed off the drive and driven away. No Alarm went off, and later found out there is a 'void' on the inside of the car, so if you keep your arm close to the inside of the door and the dash, the alarm will not activate. Just enough room to get your arm down to the OBD port where you can re-program a blank key if you have the correct device (which you can buy in the internet!)
BMW don't seem to want to admit they have a problem on their cars. It affects all BMW’s with the electronic fob from 2006-2011. They are still producing cars with the OBD port located in the footwell in the same location, and I assume the same problem with the alarm. Over 300 cars were stolen in March 2012 in the West Midlands alone and apparently the Police told me in one night £250,000 worth of cars were stolen in the region.
So really just to warn you all of the issue and let you know about the new way cars are being stolen (specifically those people who own cars with reprogrammable keys) Oh and don’t buy a BMW because they haven’t fixed the problem with their new cars! Enjoy.
#2
MBWorld Fanatic!
that is scary but i dont understand the void part. how did breaking the glass in the first place not trigger the alarm?
from what i understand the car had to be broken in before the key fob can be reprogramed.
sorry to hear this happened to you and thank you for sharing. what happened to the car and the thieves?
from what i understand the car had to be broken in before the key fob can be reprogramed.
sorry to hear this happened to you and thank you for sharing. what happened to the car and the thieves?
#3
id love to know...i assume there is no smash sensor in the glass? thats the issue! The void runs along the door card so if you keep your hand/arm close to the door it doesn't trigger the alarm!
Have no idea about the car, probably in Japan. As for the scum that stole it. Rotting somewhere I hope.
Have no idea about the car, probably in Japan. As for the scum that stole it. Rotting somewhere I hope.
#5
Senior Member
Join Date: May 2010
Location: Barcelona, Ljubljana
Posts: 330
Likes: 0
Received 0 Likes
on
0 Posts
Mercedes C63 amg, Bmw X5,
I can get this type of thing and drive away any BMW thats is up to 2011 including 2011s. It only costs 12.000€.
I think its absurd that someone can pay 12.000 and basically steal any Bmw he would like. Bmw, Mercedes and similar companies should do much more in terms of their clients car antitheft safety
I think its absurd that someone can pay 12.000 and basically steal any Bmw he would like. Bmw, Mercedes and similar companies should do much more in terms of their clients car antitheft safety
#6
MBWorld Fanatic!
I can get this type of thing and drive away any BMW thats is up to 2011 including 2011s. It only costs 12.000€.
I think its absurd that someone can pay 12.000 and basically steal any Bmw he would like. Bmw, Mercedes and similar companies should do much more in terms of their clients car antitheft safety
I think its absurd that someone can pay 12.000 and basically steal any Bmw he would like. Bmw, Mercedes and similar companies should do much more in terms of their clients car antitheft safety
#7
MBWorld Fanatic!
Join Date: Mar 2012
Location: Toronto
Posts: 2,051
Likes: 0
Received 0 Likes
on
0 Posts
my wife bananas! :D
Thing is, that is a heck alot of BMWs stolen in a relatively small area. This must be quite an operation as even the logistics of moving such a massive amount of stolen inventory results in extremely high risk to be exposed. Not to mention the amount of people required to process this.
Trending Topics
#8
MBWorld Fanatic!
Join Date: Apr 2010
Posts: 1,955
Likes: 0
Received 7 Likes
on
7 Posts
2017 Mini Cooper S Clubman ALL4 - British Racing Green
There is a simple solution to this.. there is no reason for the OBD port to be powered when the ignition is off. Currently all cars have the port powered since that is what the specification calls for.
As for who is vulnerable, any vehicle that has individually coded keys that get programmed via the ECU would be vulnerable. How each manufacturer implements the coding process is what differs. The fact that BMW permits the coding to be performed with the ignition turned off is a vulnerability, not to mention the blind spot in the alarm system. Most companies no longer use shock sensors in the vehicle simply due to the number of false alarms that go off in major cities.. you may not know or realize it, but everytime you park in a congested area, odds are someone taps your front and rear bumper when they park.. people walk into your car (really.. people are stupid.. but it does happen). Configure the sensitivity too low, the alarm does not go off, too high, false alarms, it is really difficult to get them setup well, so they just dumped them.
I would be curious to know MB's response to this, as I am gathering that the key coding process is probably very similar to most other manufacturers.
They were not coding a new key, so there was no need to copy of generate any crypto keys or hashes, rather they took an existing key, and programmed the vehicle to recognize a new key (or a key from another BMW.. how hard is it to steal someone keys at a cafe or restaurant)
As for who is vulnerable, any vehicle that has individually coded keys that get programmed via the ECU would be vulnerable. How each manufacturer implements the coding process is what differs. The fact that BMW permits the coding to be performed with the ignition turned off is a vulnerability, not to mention the blind spot in the alarm system. Most companies no longer use shock sensors in the vehicle simply due to the number of false alarms that go off in major cities.. you may not know or realize it, but everytime you park in a congested area, odds are someone taps your front and rear bumper when they park.. people walk into your car (really.. people are stupid.. but it does happen). Configure the sensitivity too low, the alarm does not go off, too high, false alarms, it is really difficult to get them setup well, so they just dumped them.
I would be curious to know MB's response to this, as I am gathering that the key coding process is probably very similar to most other manufacturers.
They were not coding a new key, so there was no need to copy of generate any crypto keys or hashes, rather they took an existing key, and programmed the vehicle to recognize a new key (or a key from another BMW.. how hard is it to steal someone keys at a cafe or restaurant)
#9
MBWorld Fanatic!
#10
Member
Join Date: Aug 2006
Location: Orange County, CA
Posts: 107
Likes: 0
Received 0 Likes
on
0 Posts
2009 C63 AMG Steel Gray
#13
MBWorld God!
Join Date: Jul 2010
Location: 39.515509, -111.549668
Posts: 30,569
Received 3,352 Likes
on
2,807 Posts
2012 CLS63
man, they look like rats swarming around that thing don't they??
sorry.....this continues and supports my idea of humanity heading no where fast
sorry.....this continues and supports my idea of humanity heading no where fast
#16
MBWorld Fanatic!
Join Date: Apr 2010
Posts: 1,955
Likes: 0
Received 7 Likes
on
7 Posts
2017 Mini Cooper S Clubman ALL4 - British Racing Green
That was the number the dealer quoted me to replace the key that went for a swim in the washing machine..
Fortunately.. after completely disassembling the key, dropping all the parts in a big container of rice (acts like a silicon desiccant) for a few days, reassembling and a new battery.. it started to work again..
Fortunately.. after completely disassembling the key, dropping all the parts in a big container of rice (acts like a silicon desiccant) for a few days, reassembling and a new battery.. it started to work again..
#17
MBWorld Fanatic!
Join Date: Nov 2009
Location: Relocated
Posts: 4,418
Received 381 Likes
on
237 Posts
2010 Irridium Silver MB C63 AMG Sedan
If you have a Merc or a BMW, you should have/need a freekin garage...common, its not a civic...park that thing in a garage. And if are rolling around in one thinking you are living phat, without a garage, then a buy a shed and lock that thing...
Last edited by ZephyrAMG; 07-16-2012 at 01:56 PM.
#18
MBWorld Fanatic!
Join Date: Apr 2010
Posts: 1,955
Likes: 0
Received 7 Likes
on
7 Posts
2017 Mini Cooper S Clubman ALL4 - British Racing Green
I have a Garage.. it houses my bicycles, my wood working tools (table saw, router table, planer, thickness planer.. all large piece of heavy equipment).. and that is about all that I can fit in it..
I think I parked my car in it once.. heh
I think I parked my car in it once.. heh
#21
Senior Member
Join Date: May 2010
Location: Barcelona, Ljubljana
Posts: 330
Likes: 0
Received 0 Likes
on
0 Posts
Mercedes C63 amg, Bmw X5,
I don't know much about BMWs but the keys in an MB have been very secure, dealers cannot even make keys. They need to be ordered from the factory to get a new key. I have seen people selling a device to make keys now as well for MB's they have found a way to extract the hash file and using a key generator they can program a new key you can purchase keys (software) individually for like $10 or the generator which I heard is 10-15k. Not really sure how difficult the procedure is, but I do believe they need to open the EIS, not as easy as the OBDII port. Also MB has upgraded the DAS (drive authorization system) and will be first shown in the new body SL, I don't know if they have upgraded the security, but I am sure they have noticed the issue and removed the security flaw.
#22
MBWorld Fanatic!
Join Date: Apr 2010
Posts: 1,955
Likes: 0
Received 7 Likes
on
7 Posts
2017 Mini Cooper S Clubman ALL4 - British Racing Green
The issue is not the keys.. The keys themselves are very secure (not impossible, with enough equipment, know how and money and key can be overcome).
The problem is the method used to create knew keys for the vehicles, and the software/equipment involved. My guess is that the code/software/hardware was stolen from a BMW dealer, or someone had access to the software to reverse engineer it.
This brings up another related but offtopic issue that those not in the US may not be aware off. There is currently a legal bill (the documents that go through various legal entities before coming law in the US) being pushed through many states, you can go see the details here www.righttorepair.org. The purpose of the bill is to force the dealers/manufacturers (which they are fighting tooth and nail) to provide at a reasonable cost, the same specialty tools and diagnostic equipment in use at the dealers to independent repair shops at a reasonable price ($100k for a laptop and software to read extended codes on a vehicle per manufacturer is way out of the affordable range to many shops). I agree with this bill, and look forward to it.
But at the same time, what the above bill will provide to pretty much anyone would be those same special tools and pieces of equipment that the manufacturers use to code keys to our vehicles. I can see an increase in this kind of theft significantly if this passes.. One of the major downsides to moving everyone from hardware to software.
The problem is the method used to create knew keys for the vehicles, and the software/equipment involved. My guess is that the code/software/hardware was stolen from a BMW dealer, or someone had access to the software to reverse engineer it.
This brings up another related but offtopic issue that those not in the US may not be aware off. There is currently a legal bill (the documents that go through various legal entities before coming law in the US) being pushed through many states, you can go see the details here www.righttorepair.org. The purpose of the bill is to force the dealers/manufacturers (which they are fighting tooth and nail) to provide at a reasonable cost, the same specialty tools and diagnostic equipment in use at the dealers to independent repair shops at a reasonable price ($100k for a laptop and software to read extended codes on a vehicle per manufacturer is way out of the affordable range to many shops). I agree with this bill, and look forward to it.
But at the same time, what the above bill will provide to pretty much anyone would be those same special tools and pieces of equipment that the manufacturers use to code keys to our vehicles. I can see an increase in this kind of theft significantly if this passes.. One of the major downsides to moving everyone from hardware to software.
#24
The purpose of the bill is to force the dealers/manufacturers (which they are fighting tooth and nail) to provide at a reasonable cost, the same specialty tools and diagnostic equipment in use at the dealers to independent repair shops at a reasonable price ($100k for a laptop and software to read extended codes on a vehicle per manufacturer is way out of the affordable range to many shops). I agree with this bill, and look forward to it.
But at the same time, what the above bill will provide to pretty much anyone would be those same special tools and pieces of equipment that the manufacturers use to code keys to our vehicles. I can see an increase in this kind of theft significantly if this passes.. One of the major downsides to moving everyone from hardware to software.
But at the same time, what the above bill will provide to pretty much anyone would be those same special tools and pieces of equipment that the manufacturers use to code keys to our vehicles. I can see an increase in this kind of theft significantly if this passes.. One of the major downsides to moving everyone from hardware to software.
To the OP...thanks for posting and best of luck with your insurance settlement.