Hackers Steal Keyless BMW In Under 3 Minutes
An anonymous reader writes with this bit from ZDNet: "It's cool to have a keyless BMW, until you no longer have a keyless BMW. Hackers have figured out how to break into such cars with ease. BMW has acknowledged there is a problem, but is not doing enough to protect its customers (video)."
It is not "stealing" unless you are a slave to the notion of "property." In the future, everything will belong to me, so this won't be a problem any more. Hi Laura!
UNITE with the Campaign for a Free Internet because today, our future begins with tomorrow!
that my "old" BMW 3 series has a complicated security mechanism: to open it, you must have access to the ignition lock.
"If a boss demands loyalty, give him integrity. But if he demands integrity, give him loyalty." (John Boyd, 1927-1997)
On the porcupine, the pricks are on the outside.
That's why I drive an Audi.
They're on the hook to replace these cars....and I'd be making damn sure my customers didn't buy another BMW they'd have to pay out on again.
Sounds like BMW owners are going to make a run on Pep Boys to get "the club".
That's an improvement over traditional locks, which can be defeated in 60 seconds, at least according to Driver's Ed class, and of course, the movie.
If you are not allowed to question your government then the government has answered your question.
I own a MINI with a keyless entry system ... MINI is made by BMW these days, so I was a bit concerned.
My first vision was "Yikes - someone either grabs my signal out of the air or else they have some 'rainbow box' that tries a bunch of freqs/combos really fast so they can essentially walk up to my car, get in, and go."
Turns out they have to break your window and connect to your OBD port... This sucks, but to my mind, it's not a whole lot of difference between that and breaking the window then hot-wiring the car. ... If they could just walk up and get in and drive away as if they had the valid key, I'd be a lot more concerned. ... checks insurance policy ... at least I've got theft insurance.
The Digital Sorceress
Looks like they're using the OBD port to gain access to the car's computer. No car computer is going to be secure when you've got a low-level debug port right next to the hood release.
How is stealing a keyless car possible unless they don't bother to spend a few bucks on implementing a good friend-or-foe system? (Which would be much cheaper than what they charge for an electronic "key")
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
cars with keys are never stolen.
whose ignition locks were all pretty much the same key. Want someone else's bike? Use your own key and ride away!
It doesn't mean much now, it's built for the future.
http://www.youtube.com/watch?v=DshK4ZXPU9o
Got the whole OBD hacking figured out but sticking a piece of tape on a camera is a mechanical feat out of their reach.
Problem: The OBD-II port, which, by mandate in most countries where it is required, may not have any access controls applied to it, is being used for non-diagnostic purposes
Solution: Use a separate port with some actual security measures for any functions you aren't legally required to expose via OBD-II
Damn, it took me all of 2 seconds to figure that one out, and I'm not a security expert.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
The basic design flaw is how key duplication/recovery is handled.
On my motorcycle (a Concours 14 with keyless ignition), to program a new key you need an existing key. The disadvantage is, naturally, if you lose all your keys, you need to replace the computer!
But it's better than the alternative. On the BMW, all you need to do is plug into the OBD-II port and tell the computer "Here is the new key". This means if you lose all your keys, you don't have to buy a new computer... But it also means that anyone who can break into the car can create a key and drive off.
Test your net with Netalyzr
A few years ago there was a great story in Wired about breaking locks. In summary, even the world's most secure locks are not meant to survive more than 10-15 minutes. And it tells the story of a few experts that broke down one of these locks in under a minute. 3 minutes on a car lock? Either the hackers haven't figured out the best way to break in yet or the security is actually amazing. Wired story
I think Linux isn't better than Windows hence in the slashdot realm I'm a troll
Of course BMW is using a special security system that is not used by anyone else. Right.
Sorry, but gray text on gray background is making my eyes bleed.
They've taken over from BMW as the choice of drivers who think they own the road and are almost guaranteed to do really stupid things to get where they want in zero seconds.
As for the Mercs? They are usually at the side of the road waiting for the tow truck. This especially applies to AMG Mercs.
I'm not an engineer, nor do I play one on TV, so I'm curious - how does an ultrasonic sensor have a blind spot?
http://www.youtube.com/watch?feature=player_embedded&v=DshK4ZXPU9o
Every "computer" I've ever encountered in the automotive world is proprietary, ridiculously overpriced to replace, invariably mounted in asinine places, and the manufacturers won't even give you the most basic user manuals for them. If you want to know what the pinouts are for the various modules, you're on your own. Sure, not everyone wants to know that about the system they are driving around or attempts to troubleshoot them, but I do, and if I'm going to pay a lot of money for one, I am also buying the electronics and I want to be able to use them, or in this case, maybe hack a solid state switch into one of the lines of the OBD-II port to patch the flaw myself. Having the manufacturer give me the runaround when I want to know how to get the readings out of the various sensors that I bought is not acceptable. In terms of the obligatory car analogy, the overall situation with automotive electronics sucks so bad that it's like itself.
If you watch the video, they end up pushing the car away. How is that "hacking" the OBD-II? Any manual trans car (only Americans drive automatics) can be stolen by breaking the window, popping it out of gear, and/or releasing the parking brake and pushing it away.
Sounds like BMW owners are going to make a run on Pep Boys to get "the club".
What Car Thieves Think of the Club
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Many, many years ago (at least 3) I read on slashdot about keyless Lexuses being broken into in approx 4 minutes on average. They used a universal transmitter card on a laptop to try all combinations or something like that and it only took 4 minutes on average to do so. Oops. So that wasn't even some encryption key leak or something, they just never bothered to calculate brute forcing time when they made the car.
Of course, if someone is too lazy to press a button or turn a key to open and start their car, they deserve to get their car stolen so they can think about what a lazy asshole they are during the long walk home.
The difference between your post and everyone else's post is it appears you actually RTFA.
Don't know something? Look it up. Still don't know? Then ask.
I think my Lincoln has the right idea, but it could be taken farther.
To make a new key, you need 2 keys (to prevent valet from copying the key). If you have 1 or no keys, there is a time delay to make a new key. You must have possession of the car and a special programmer for a few hours. This prevents almost all theft, unless they tow your car away.
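The enrollment policies the comments above contrast (a new key accepted from the diagnostic port alone, one existing key required, two keys or a multi-hour delay), as an added example that is not part of the thread or any manufacturer's code. The class, the policy names, the HMAC challenge-response and the 3-hour delay are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

DELAY_S = 3 * 3600  # constructed stand-in for "a few hours"


def prove(secret, nonce):
    """Response an enrolled key computes for the car's challenge."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


class Immobilizer:
    """Toy enrollment-policy model; hypothetical, not any vendor's firmware."""

    def __init__(self, policy):
        self.policy = policy   # "port_only" | "one_key" | "two_keys_or_delay"
        # Two keys enrolled at the factory (constructed sample data).
        self.keys = {k: secrets.token_bytes(16) for k in ("owner-1", "owner-2")}
        self.nonce = None      # single-use challenge
        self.pending = None    # (key_id, ready_at) for the delayed path

    def challenge(self):
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def _count_valid(self, proofs):
        """Count enrolled keys that answered the current challenge."""
        nonce, self.nonce = self.nonce, None   # consume it: no replay
        if nonce is None:
            return 0
        return sum(
            1 for key_id, tag in proofs.items()
            if key_id in self.keys
            and hmac.compare_digest(tag, prove(self.keys[key_id], nonce))
        )

    def enroll(self, new_id, new_secret, proofs=None, now=0):
        """Return True if new_id was enrolled under the active policy."""
        valid = self._count_valid(proofs or {})
        if self.policy == "port_only":
            ok = True                          # port access alone is enough
        elif self.policy == "one_key":
            ok = valid >= 1                    # no key, no enrollment, ever
        else:
            ok = valid >= 2
            if not ok and self.pending and self.pending[0] == new_id:
                ok = now >= self.pending[1]    # delay has to run out first
            elif not ok:
                self.pending = (new_id, now + DELAY_S)
        if ok:
            self.keys[new_id] = new_secret
            self.pending = None
        return ok


def enrolls_without_key(policy, wait_s):
    """Port access but no enrolled key: is a blank key accepted after wait_s?"""
    car = Immobilizer(policy)
    blank = secrets.token_bytes(16)
    car.challenge()
    forged = {"owner-1": b"\x00" * 32}         # a guess, not a real response
    if car.enroll("blank", blank, forged, now=0):
        return True
    return car.enroll("blank", blank, now=wait_s)
```

With a 180-second window, only the `port_only` policy accepts the blank key; the delayed policy accepts it only once the full `DELAY_S` has passed, which is the "unless they tow your car away" case.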
This means if you lose all your keys, you don't have to buy a new computer
Now if BMW made people buy new computers if they lost their keys - that I'd understand. But this doesn't seem to have much upside for them. They could at least sell a $200 USB device ($2 cost) that held the cryptokeys matched to a set of physical keys and not have such an easy defeat available via OBD-II.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
A locksmith can get past a physical key in three seconds. Maybe not the new ones with electronics in the keys, though, but I wouldn't doubt it.
Free Martian Whores!
Your motorcycle's ignition lock may be quite amazing, but it will always be defeated by four guys and a full size van.
No lock or safe will stay shut given effectively unlimited time.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
If you steal a car, you aren't a hacker. You are a thief. Stop calling people that break the law, "Hackers".
Not just keyless, but carless as well.
How about a car that builds a huge static charge when parked, and requires a strong password to discharge?
Be sure to park it away from lawyers, though.
Lo Jack. Shit works. My dad had his car returned to him 2 hours later, and the thieves got busted.
Seven puppies were harmed during the making of this post.
The easiest way to steal a vehicle is to just tow it.
....all they need is a cheap lift and an old pickup to bolt it on and they can drag it off in seconds.
If you are repo driver, no one cares, so a thief using the same equipment could drag cars all day (and I'm sure many do).
It ain't like the fat fucks on "reality" television except for the "fat". :-)
Repo drivers just pull up, hook up (or toggle a few switches if they have in-cab controls) , and drive off.
People don't take any action even when you are driving down the street with the towed vehicle brakes still locked and the tires smoking! (Once clear of the property you release the parking brake.)
Here's a decent vid of the process:
http://www.youtube.com/watch?v=SEIPNKPvID0
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
When you want a keyless BMW, you go to the keyless BMW dealer.
When you go to the keyless BMW dealer, you buy a keyless BMW.
When you buy a keyless BMW, you want to show off your keyless BMW.
When you want to show off your keyless BMW, you park it predominately in an area frequented by hackers.
When you park your keyless BMW predominately in an area frequented by hackers, said hackers steal your keyless BMW within 3 minutes.
Don't buy a keyless BMW and park it predominately in an area frequented by hackers who can steal your keyless BMW within 3 minutes.
They may be going faster than you when they pass, but their behavior can result in an accident where you hit them anyway. This occurs where they are slowing down or you are speeding up, meaning it is possible for the vehicles to collide despite the fact that they are passing you. This frequently occurs when you are overtaking a vehicle in the lane next to you moving more slowly than yours (usually the right lane in the United States), and someone behind that vehicle in that lane comes up and slips into your lane in front of you, relying on you to change your velocity or acceleration in order not to be hit, or allowing an unacceptably thin margin of error.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
If you can get on the CAN bus, you may be able to talk to the ECU, Body Computer, etc without going near the OBD port.
The CAN bus allows devices to talk to one another without any kind of central host (duh, the purpose of a bus). I read somewhere (possibly bullshit) that on some cars you can get onto the CAN bus through the exterior side mirrors (wiring) and then issue PIDs that way to talk to the rest of the car.
At least on my Honda, the ECU is offline unless there's a key turned in the ignition...but maybe you can "fake" that status by issuing various PIDs through the CAN bus?
http://en.wikipedia.org/wiki/CAN_bus
http://en.wikipedia.org/wiki/OBD-II_PIDs
With the first link, the chain is forged.
I drive BMWs and there's nothing more irritating than people that don't get out of the way
You can buy one for low 30s.
I would like to say that actually on a BMW replacing a key is a tiny bit more complicated. You can't use any key; it is supposed to have 1 of 10 EWS chips that are mated to the CAS unit. So whenever you order a key they assemble your key with one of those chips. Then once the key comes they can pair it with the car. Now in the settings of the computer you do have options of turning a key on or off (so technically disabling a key) but you can't just use any key for any BMW.
Old style (key):
Insert into ignition
Using edges of key, twist to start.
Turn key to off position
Remove key.
New FOB system
Insert fob into slot. Do not accidentally hit the trunk release button when doing so.
Press start button (separate motion)
Press stop button (separate motion)
Remove key. Do not accidentally hit the trunk release button when doing so.
Now they look a lot alike, except with the fob there is the potential to open your trunk because that part always sticks out, and that's how you have to grasp it. Additionally with the conventional key you can do it all in one smooth motion. You can't with the start button.
What BMW should have done, is when you stick your fob in the slot, since there is a spring loaded position where it latches (like a SD media slot) is have you push the key in and use that for the starter. No extra button needed.
While I love my BMW (e46) I won't buy another BMW again because they've just made stupid design mistakes like that. To be trendy they actually made it worse. And don't get me started about their nav system. It always opens even if you don't want it to. Even if you set the setting for it. And that rotary wheel is the worst input idea ever. I'd rather an Atari joystick.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
You ever try lifting a Concours 14?
It doesn't mean much now, it's built for the future.
I can attest to the four guys and a full size van. My first Kawasaki Ninja was "liberated" from my possession in a similar manner.
Why doesn't BMW copyright the access codes and let ACTA and the others laws stop these nefarious thieves??
Apparently not, because that's 6 people and 2 hernias to throw in a van... that thing is HEAVVVVYYYYY (having had to pick it up once)
Test your net with Netalyzr
Being a conscientious member of society, I try to look out for BMW owners and help secure their vulnerable and expensive machines by removing the wheels thereby rendering them immobile and therefore secure. You're welcome. You can find your wheels on eBay if you need them.
Just have a garage install one of those tiny, black-lever hidden toggle switches someplace inside, and it's damn near impossible to figure where it's located, even when looking right at it. They are the best (added) security device in the world for keyless entry vehicles when you have to leave them parked in questionable circumstances. It's a cheap install too.
Reflections off internal surfaces causing interference, and shadowing, just like with mobile phone signals.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
They just up the premiums for BMW cars by 200%. Yes, true figure in the UK. Imagine how screwed you are owning one of these BMWs. Can't pay insurance, it will get stolen and nobody wants to buy your car because it's probably stolen already, will be stolen soon and even if they don't steal your car, the insurance will steal your money and then not pay out "because it's a known problem and you didn't put on extra security" or some lame excuse.
I was promised a flying car. Where is my flying car?
The private keys that validate the proper "electronic key" is used, are plain text stored in the car's computer. Some cheaper than $200 Chinese tools that are readily available can read those private keys and program a $50 or less replica blank electronic key with those private keys. That is all that is needed to drive off with your brand new "high tech" BMW.
There are several tricks to get inside the car, some not publicly known ones seem to make it possible to do so quickly without having to force anything. The best known one is to jam the keyfob frequency so careless owners will not lock the car and not check for the indicator lights to blink. In many countries "chirping" is illegal and most owners don't press the button until they have already turned their back to the car and are walking already.
I'd say that is pretty bad, considering that it's just as easy to steal a modern $100.000 BMW as it is to steal a 35 year old Dodge.
I was promised a flying car. Where is my flying car?
It's about being stupid enough to store plain text passwords for all the 10 possible keys for the car in the car's memory.
I was promised a flying car. Where is my flying car?
I didn't read TFA, but I know what is the real problem. You can't tell BMW "this is the new key", but the BMW tells you what the new key is. You can then program the new key on the spot and it doesn't even need to be activated. There's 10 plaintext passwords in the BMW, for all possible keys that computer is ever going to be talking to.
I was promised a flying car. Where is my flying car?
If you lose all keys you can usually order a new one from a dealer. Bring in your registration when you order it. It's not cheap though as they know you're stuck and a new computer + keys is expensive.
The upside is that it's cheaper and simpler to make it reprogrammable. These things aren't designed from scratch, and the features and misfeatures are driven by all the random OEM and custom parts they've accumulated over the years.
These people aren't professional burglars, they may burglarize things for a living but they're not professionals. For all we know they saw this in a movie and rehearsed for years. The drives a little portly for breaking into secure places. -Dorthy Fischer greets to f00
If your vehicle is found and there is no damage showing the intruder got in via force, you might be f'd in the A. A friend had his car broken into using an onstar hack. You can see from the logs on the system that they tried to remote start the car using onstar as well. The best part here, is that he didn't have onstar subscribed services.
Then it gets better... the insurance company won't pay for them destroying the interior because the car was not physically broken into.
That depends on the local laws in your area. For the United States, see this list of state laws: http://www.mit.edu/~jfc/right.html
That being said, if you are blocking traffic, you are a douchebag.
I feel bad to say this, but what the hell.
CoooOOoooOOOoooooooooOOollll!!!!!!!!!!!!!!
NO NO NO. You are way off base on this. All drivers are supposed to stay as far right as possible EXCEPT WHEN PASSING. People who loiter in the middle lane are idiots and they piss me off, -especially- when they stay there even while people are passing them on the right. Drivers in the right lane are not 'blocking' you from entering the highway unless they are tailgating, and that is another problem altogether. Go review your driver's manual. Here's how the manual in my state reads:
"On roadways with two or more lanes in your travel direction, use the right lane for driving unless...
* You are passing another vehicle.
* You are making a left turn.
* The right lane is blocked.".
And in another place:
"Stay to the right and only use the left lane for passing. On an expressway with three or more lanes in your direction, use the far right lane for slower driving, the middle lane for faster driving, and the far left lane for passing."
Bottom line: The right lane is not a 'merge lane' for your convenience. Deal.
Nonsense. On that system the recovery system isn't replacing the computer.
1. enter new key
2. watch it fail then wait 15 minutes precisely
3. enter key again within 60 seconds
Repeat that three times and tada!!! New key works and ALL old keys are wiped from memory.
The alternative is to do what everybody else that repos motorcycles does. Remove the computer/ignition. You can see the engine. It's like claiming your firewall is flawless but leaving the servers outside.
The only problem is, once you've defeated the keyless entry and anti-theft systems you are left with a luxury BMW, which has power windows.
I hate power windows.
<blink>down the rabbit hole</blink>
I never understood the security behind key-less entry systems, anything electronic security can be broken into, although the BMW system has been hacked, I'm pretty sure that others will follow soon.
TOP DSLR Cameras Reviews of the top DSLRs
low tech is high tech.
This really shows how efficient these video protection(*) cameras are at deterring and preventing crime. It also show how helpful they are at solving them when they do happen: now the police are looking for four smurfs who escaped from their comic book. No doubt they will have caught them within hours!
(*) 'Video protection' is the new double-plus-good term for 'video surveillance'.
My Audi R8 with Lamborghini V-10 engine is superior to any BMW or Mercedes, so get off my road... the left lane belongs to me!
The only other cars worthy of cruising next to me are Porsche, Maserati, Ferrari or Lamborghini. Don't even mention any American cars, you make me laugh.
They obviously aren't trying. I can do it in under a minute. But then again it's my job.
The new right fascists are bilingual. They speak English and Bullshit.
If they had stolen the car, why didn't the thieves drive the car away instead of 2 of them pushing it while 1 steers?