Hackers Steal Keyless BMW In Under 3 Minutes
An anonymous reader writes with this bit from ZDNet: "It's cool to have a keyless BMW, until you no longer have a keyless BMW. Hackers have figured out how to break into such cars with ease. BMW has acknowledged there is a problem, but is not doing enough to protect its customers (video)."
It is not "stealing" unless you are a slave to the notion of "property." In the future, everything will belong to me, so this won't be a problem any more. Hi Laura!
UNITE with the Campaign for a Free Internet because today, our future begins with tomorrow!
that my "old" BMW 3 series has a complicated security mechanism: to open it, you must have access to the ignition lock.
"If a boss demands loyalty, give him integrity. But if he demands integrity, give him loyalty." (John Boyd, 1927-1997)
On the porcupine, the pricks are on the outside.
that's why I drive an Audi.
They're on the hook to replace these cars....and I'd be making damn sure my customers didn't buy another BMW they'd have to pay out on again.
Sounds like BMW owners are going to make a run on Pep Boys to get "the club".
That's an improvement over traditional locks, which can be defeated in 60 seconds, at least according to Driver's Ed class, and of course, the movie.
If you are not allowed to question your government then the government has answered your question.
I own a MINI with a keyless entry system ... MINI is made by BMW these days, so I was a bit concerned.
My first vision was "Yikes - someone either grabs my signal out of the air or else they have some 'rainbow box' that tries a bunch of freqs/combos really fast so they can essentially walk up to my car, get in, and go."
Turns out they have to break your window and connect to your OBD port... This sucks, but to my mind, it's not a whole lot of difference between that and breaking the window then hot-wiring the car. ... If they could just walk up and get in and drive away as if they had the valid key, I'd be a lot more concerned. ... checks insurance policy ... at least I've got theft insurance.
The Digital Sorceress
Looks like they're using the OBD port to gain access to the car's computer. No car computer is going to be secure when you've got a low-level debug port right next to the hood release.
How is stealing a keyless car possible unless they don't bother to spend a few bucks on implementing a good friend-or-foe system? (Which would be much cheaper than what they charge for an electronic "key")
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
cars with keys are never stolen.
whose ignition locks were all pretty much the same key. Want someone else's bike? Use your own key and ride away!
It doesn't mean much now, it's built for the future.
http://www.youtube.com/watch?v=DshK4ZXPU9o
Got the whole OBD hacking figured out but sticking a piece of tape on a camera is a mechanical feat out of their reach.
Problem: The OBD-II port, which, by mandate in most countries where it is required, may not have any access controls applied to it, is being used for non-diagnostic purposes
Solution: Use a separate port with some actual security measures for any functions you aren't legally required to expose via OBD-II
Damn, it took me all of 2 seconds to figure that one out, and I'm not a security expert.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
The basic design flaw is how key duplication/recovery is handled.
On my motorcycle (a Concours 14 with keyless ignition), to program a new key you need an existing key. The disadvantage is, naturally, if you lose all your keys, you need to replace the computer!
But it's better than the alternative. On the BMW, all you need to do is plug into the OBD-II port and tell the computer "Here is the new key". This means if you lose all your keys, you don't have to buy a new computer... But it also means that anyone who can break into the car can create a key and drive off.
Test your net with Netalyzr
A few years ago there was a great story in Wired about breaking locks. In summary, even the world's most secure locks are not meant to survive more than 10-15 minutes. And it tells the story of a few experts that broke down one of these locks in under a minute. 3 minutes on a car lock? Either the hackers haven't figured out the best way to break in yet or the security is actually amazing. Wired story
I think Linux isn't better than Windows hence in the slashdot realm I'm a troll
Of course BMW is using a special security system that is not used by anyone else. Right.
Sorry, but gray text on gray background is making my eyes bleed.
I'm not an engineer, nor do I play one on TV, so I'm curious - how does an ultrasonic sensor have a blind spot?
http://www.youtube.com/watch?feature=player_embedded&v=DshK4ZXPU9o
Every "computer" I've ever encountered in the automotive world is proprietary, ridiculously overpriced to replace, invariably mounted in asinine places, and the manufacturers won't even give you the most basic user manuals for them. If you want to know what the pinouts are for the various modules, you're on your own. Sure, not everyone wants to know that about the system they are driving around or attempts to troubleshoot them, but I do, and if I'm going to pay a lot of money for one, I am also buying the electronics and I want to be able to use them, or in this case, maybe hack a solid state switch into one of the lines of the OBD-II port to patch the flaw myself. Having the manufacturer give me the runaround when I want to know how to get the readings out of the various sensors that I bought is not acceptable. In terms of the obligatory car analogy, the overall situation with automotive electronics sucks so bad that it's like itself.
Sounds like BMW owners are going to make a run on Pep Boys to get "the club".
What Car Thieves Think of the Club
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Many, many years ago (at least 3) I read on slashdot about keyless Lexuses being broken into in approx 4 minutes on average. They used a universal transmitter card on a laptop to try all combinations or something like that and it only took 4 minutes on average to do so. Oops. So that wasn't even some encryption key leak or something, they just never bothered to calculate brute forcing time when they made the car.
Of course, if someone is too lazy to press a button or turn a key to open and start their car, they deserve to get their car stolen so they can think about what a lazy asshole they are during the long walk home.
The difference between your post and everyone else's post is it appears you actually RTFA.
Don't know something? Look it up. Still don't know? Then ask.
I think my Lincoln has the right idea, but it could be taken farther.
To make a new key, you need 2 keys (to prevent valet from copying the key). If you have 1 or no keys, there is a time delay to make a new key. You must have possession of the car and a special programmer for a few hours. This prevents almost all theft, unless they tow your car away.
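Added example, not part of any comment in the thread and not any manufacturer's code: a small model of the three key-enrolment policies the commenters describe (diagnostic port only, one existing key, two keys or a multi-hour wait), to show which ones a short break-in defeats. The class and function names, the HMAC challenge-response check and the 3-hour delay value are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from enum import Enum

class Policy(Enum):
    PORT_ONLY = "diagnostic port access is enough"        # BMW, as described in the thread
    ONE_KEY = "one enrolled key must be present"          # Concours 14, as described
    TWO_KEYS_OR_DELAY = "two keys, or a multi-hour wait"  # Lincoln, as described

DELAY_SECONDS = 3 * 3600  # assumed; the thread only says "a few hours"

class Key:
    """A fob holding a secret; it proves possession by answering a challenge."""
    def __init__(self):
        self.secret = os.urandom(16)

    def respond(self, challenge):
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()

class Immobilizer:
    def __init__(self, policy, keys):
        self.policy = policy
        # Held in memory only to keep the model short.
        self.secrets = [k.secret for k in keys]

    def _authenticated(self, presented):
        """Count distinct enrolled keys that answer a fresh challenge correctly."""
        challenge = os.urandom(16)
        seen = set()
        for key in presented:
            answer = key.respond(challenge)
            for i, secret in enumerate(self.secrets):
                expected = hmac.new(secret, challenge, hashlib.sha256).digest()
                if hmac.compare_digest(answer, expected):
                    seen.add(i)
        return len(seen)

    def enroll(self, new_key, presented=(), session_seconds=0):
        """Enrol new_key if the policy allows it; return whether it was enrolled."""
        n = self._authenticated(presented)
        if self.policy is Policy.PORT_ONLY:
            ok = True  # no proof of ownership is asked for
        elif self.policy is Policy.ONE_KEY:
            ok = n >= 1
        else:
            ok = n >= 2 or session_seconds >= DELAY_SECONDS
        if ok:
            self.secrets.append(new_key.secret)
        return ok

def scenario(policy, presented_count, session_seconds):
    """Car with two owner keys; try to enrol a third with some of them present."""
    owner_keys = [Key(), Key()]
    car = Immobilizer(policy, owner_keys)
    return car.enroll(Key(), owner_keys[:presented_count], session_seconds)
```

The trade-off the commenters argue about shows up directly: only the port-only policy enrols a key for someone with no keys and three minutes at the port, while the one-key policy also refuses an owner who has lost every key.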
This means if you lose all your keys, you don't have to buy a new computer
Now if BMW made people buy new computers if they lost their keys - that I'd understand. But this doesn't seem to have much upside for them. They could at least sell a $200 USB device ($2 cost) that held the cryptokeys matched to a set of physical keys and not have such an easy defeat available via OBD-II.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Your motorcycle's ignition lock may be quite amazing, but it will always be defeated by four guys and a full size van.
No lock or safe will stay shut given effectively unlimited time.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
If you steal a car, you aren't a hacker. You are a thief. Stop calling people that break the law, "Hackers".
Lo Jack. Shit works. My dad had his car returned to him 2 hours later, and the thieves got busted.
Seven puppies were harmed during the making of this post.
The easiest way to steal a vehicle is to just tow it.
....all they need is a cheap lift and an old pickup to bolt it on and they can drag it off in seconds.
If you are a repo driver, no one cares, so a thief using the same equipment could drag cars all day (and I'm sure many do).
It ain't like the fat fucks on "reality" television except for the "fat". :-)
Repo drivers just pull up, hook up (or toggle a few switches if they have in-cab controls) , and drive off.
People don't take any action even when you are driving down the street with the towed vehicle brakes still locked and the tires smoking! (Once clear of the property you release the parking brake.)
Here's a decent vid of the process:
http://www.youtube.com/watch?v=SEIPNKPvID0
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
When you want a keyless BMW, you go to the keyless BMW dealer.
When you go to the keyless BMW dealer, you buy a keyless BMW.
When you buy a keyless BMW, you want to show off your keyless BMW.
When you want to show off your keyless BMW, you park it predominately in an area frequented by hackers.
When you park your keyless BMW predominately in an area frequented by hackers, said hackers steal your keyless BMW within 3 minutes.
Don't buy a keyless BMW and park it predominately in an area frequented by hackers who can steal your keyless BMW within 3 minutes.
They may be going faster than you when they pass, but their behavior can result in an accident where you hit them anyway. This occurs where they are slowing down or you are speeding up, meaning it is possible for the vehicles to collide despite the fact that they are passing you. This frequently occurs when you are overtaking a vehicle in the lane next to you moving more slowly than yours (usually the right lane in the United States), and someone behind that vehicle in that lane comes up and slips into your lane in front of you, relying on you to change your velocity or acceleration in order not to be hit, or allowing an unacceptably thin margin of error.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
If you can get on the CAN bus, you may be able to talk to the ECU, Body Computer, etc without going near the OBD port.
The CAN bus allows devices to talk to one another without any kind of central host (duh, the purpose of a bus). I read somewhere (possibly bullshit) that on some cars you can get onto the CAN bus through the exterior side mirrors (wiring) and then issue PIDs that way to talk to the rest of the car.
At least on my Honda, the ECU is offline unless there's a key turned in the ignition...but maybe you can "fake" that status by issuing various PIDs through the CAN bus?
http://en.wikipedia.org/wiki/CAN_bus
http://en.wikipedia.org/wiki/OBD-II_PIDs
With the first link, the chain is forged.
I drive BMWs and there's nothing more irritating than people that don't get out of the way
You can buy one for low 30s.
Old style (key):
Insert into ignition
Using edges of key, twist to start.
Turn key to off position
Remove key.
New FOB system
Insert fob into slot. Do not accidentally hit the trunk release button when doing so.
Press start button (separate motion)
Press stop button (separate motion)
Remove key. Do not accidentally hit the trunk release button when doing so.
Now they look a lot alike, except that with the fob there is the potential to open your trunk because that part always sticks out, and that's how you have to grasp it. Additionally with the conventional key you can do it all in one smooth motion. You can't with the start button.
What BMW should have done, is when you stick your fob in the slot, since there is a spring loaded position where it latches (like a SD media slot) is have you push the key in and use that for the starter. No extra button needed.
While I love my BMW (e46) I won't buy another BMW again because they've just made stupid design mistakes like that. To be trendy they actually made it worse. And don't get me started about their nav system. It always opens even if you don't want it to. Even if you set the setting for it. And that rotary wheel is the worst input idea ever. I'd rather an Atari joystick.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
You ever try lifting a Concours 14?
It doesn't mean much now, it's built for the future.
Apparently not, because that's 6 people and 2 hernias to throw in a van... that thing is HEAVVVVYYYYY (having had to pick it up once)
Test your net with Netalyzr
Are these locksmiths equipped with battering rams and or bricks to throw through the window? That's the only way your blanket statement has any prayer of being something bearing a resemblance to accurate.
Just another ignorant American.
Being a conscientious member of society, I try to look out for BMW owners and help secure their vulnerable and expensive machines by removing the wheels thereby rendering them immobile and therefore secure. You're welcome. You can find your wheels on eBay if you need them.
Reflections off internal surfaces causing interference, and shadowing, just like with mobile phone signals.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
They just up the premiums for BMW cars by 200%. Yes, true figure in the UK. Imagine how screwed you are owning one of these BMWs. Can't pay insurance, it will get stolen and nobody wants to buy your car because it's probably stolen already, will be stolen soon and even if they don't steal your car, the insurance will steal your money and then not pay out "because it's a known problem and you didn't put on extra security" or some lame excuse.
I was promised a flying car. Where is my flying car?
The private keys that validate the proper "electronic key" is used, are plain text stored in the car's computer. Some cheaper than $200 Chinese tools that are readily available can read those private keys and program a $50 or less replica blank electronic key with those private keys. That is all that is needed to drive off with your brand new "high tech" BMW.
There are several tricks to get inside the car, some not publicly known ones seem to make it possible to do so quickly without having to force anything. The best known one is to jam the keyfob frequency so careless owners will not lock the car and not check for the indicator lights to blink. In many countries "chirping" is illegal and most owners don't press the button until they have already turned their back to the car and are walking already.
I'd say that is pretty bad, considering that it's just as easy to steal a modern $100.000 BMW as it is to steal a 35 year old Dodge.
I was promised a flying car. Where is my flying car?
It's about being stupid enough to store plain text passwords for all the 10 possible keys for the car in the car's memory.
I was promised a flying car. Where is my flying car?
I didn't read TFA, but I know what is the real problem. You can't tell BMW "this is the new key", but the BMW tells you what the new key is. You can then program the new key on the spot and it doesn't even need to be activated. There's 10 plaintext passwords in the BMW, for all possible keys that computer is ever going to be talking to.
I was promised a flying car. Where is my flying car?
These people aren't professional burglars, they may burglarize things for a living but they're not professionals. For all we know they saw this in a movie and rehearsed for years, The drives a little portly for breaking into secure places. -Dorthy Fischer greets to f00
I've watched locksmiths get into multiple modern cars with pick kits and a couple of other tools in a matter of seconds per car. In fact, I've never seen one have to resort to drilling anything out. You appear to know crappy locksmiths.
Write failed: Broken pipe
For a car, you only need a wooden wedge to give yourself access to the solenoid and door handle mechanism without breaking any windows.
Hi, I used to work for Pop-A-Lock.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
NO NO NO. You are way off base on this. All drivers are supposed to stay as far as right as possible EXCEPT WHEN PASSING. People who loiter in the middle lane are idiots and they piss me off, -especially- when they stay there even while people are passing them on the right. Drivers in the right lane are not 'blocking' you from entering the highway unless they are tailgating, and that is another problem altogether. Go review your driver's manual. Here's how the manual in my state reads:
"On roadways with two or more lanes in your travel direction, use the right lane for driving unless...
* You are passing another vehicle.
* You are making a left turn.
* The right lane is blocked.".
And in another place:
"Stay to the right and only use the left lane for passing. On an expressway with three or more lanes in your direction, use the far right lane for slower driving, the middle lane for faster driving, and the far left lane for passing."
Bottom line: The right lane is not a 'merge lane' for your convenience. Deal.
I used to lock myself out of my car quite often. The good news was my friend's father was a locksmith. (We'll consider this a trade out as I tended to do a lot of technical support for him.)
Probably around the third time he simply gave me the tool and explained the process. (I think that particular moment I was at his house).
Then I managed to lock myself out fairly far away, but in a sealed parking area. It just so happened the attendant had lock picks for loan to those who pulled such a stunt as myself. He was fairly surprised I picked the proper tool I needed and popped my lock in seconds.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
The only problem is, once you've defeated the keyless entry and anti-theft systems you are left with a luxury BMW, which has power windows.
I hate power windows.
<blink>down the rabbit hole</blink>
I never understood the security behind key-less entry systems, anything electronic security can be broken into, although the BMW system has been hacked, I'm pretty sure that others will follow soon.
TOP DSLR Cameras Reviews of the top DSLRs
This really shows how efficient these video protection(*) cameras are at deterring and preventing crime. It also shows how helpful they are at solving them when they do happen: now the police are looking for four smurfs who escaped from their comic book. No doubt they will have caught them within hours!
(*) 'Video protection' is the new double-plus-good term for 'video surveillance'.
Mod up.
Removing a fuse works well too. My buds lost several Chevy truck steering columns on their wrecker over the years, but the CHUDs never stole the truck because they put all their work into cracking the column and gave up when that didn't work.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
They obviously aren't trying. I can do it in under a minute. But then again it's my job.
The new right fascists are bilingual. They speak English and Bullshit.