Slashdot Mirror

← Back to Stories (view on slashdot.org)

BMW Cars Vulnerable To Blank Key Attack

Posted by timothy on from the now-that-is-a-catchy-slogan dept.

Techmeology writes "Thieves have discovered how to steal BMW cars produced since 2006 by using the onboard computer that is able to program blank keys. The device used — originally intended for use by garages — is able to reprogram the key to start the engine in around three minutes. The blank keys, and reprogramming devices, have made their way onto the black market and are available for purchase over the Internet."

10 of 291 comments (clear)

  1. Re:Imagine if this was self-driving car by Krneki · · Score: 5, Insightful
    It can happen yes, but what is more likely to happen an incompetent/drunk driver running you over or a hacked AI car?

    AI car will not be perfect, but I'm sure as hell they will be much better then the regular Joe.

    --
    Love many, trust a few, do harm to none.
  2. Re:Imagine if this was self-driving car by Googlefu · · Score: 4, Insightful

    If they can't even get "little" details like car locks working, how is full-driven AI going to be any better?

  3. Re:Imagine if this was self-driving car by Anonymous Coward · · Score: 4, Insightful

    Why would you be responsible?
    Are you responsible when someone steals a normal car?

  4. In other news: by AtomicDevice · · Score: 5, Insightful

    Highly advanced cyber-thieves discover method to steal cars with a coat hanger and a screw driver! Everyone cower in terror!

    Not that this isn't dumb security on BMW's part, but the thing keeping people from stealing your car is their conscience and the police, not your hyper-powerful super-locks. They might keep some dumb teenagers out of your car, but not car thieves who buy blank keys on the black market and learn to reprogram them.

    --
    Ze Atomic Device! It iz Ztolen!
  5. Re:Imagine if this was self-driving car by MetalliQaZ · · Score: 4, Insightful

    Heh. When did Asimov's rules become law?

    Also, just FYI, Asimov created those laws to break them down. He wrote a whole collection of stories that examine how the "3 laws of robotics" can fail.

    --
    "Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
  6. Re:Imagine if this was self-driving car by Krneki · · Score: 5, Insightful

    It's security vs ease of use. Maybe they hopped no one would bother, now they know it and the next model will be more secure. The thing about science is that is moving on, while human driving is not.

    --
    Love many, trust a few, do harm to none.
  7. Security and lifetime of your typical car by sinij · · Score: 5, Insightful

    Cars are expected to last at least 10 years, many last much longer, well into mid 20s.

    Such timescales are 'forever' in the sense of IT security. Just look at 'recent' examples - WEP was rolled out around 2000 and is now broken in just a couple minutes. Most cars made in 2000 are still on the road.

    I'd go as far as saying that it is impossible to secure your car for its expected useful life without the use of physical security.

    1. Re:Security and lifetime of your typical car by 0123456 · · Score: 4, Insightful

      PGP is over twenty years old, and I'm not aware of it being broken other than by rubber hoses or brute force on short keys.

      You don't need physical security, you just need security developers of clue.

    2. Re:Security and lifetime of your typical car by iluvcapra · · Score: 4, Insightful

      Note that PGP has changed its encryption and hashing algos several times. A PGP encrypted message today is safe from prying eyes today; a PGP message sent twenty years ago, with the original BassOmatic cypher, is quite vulnerable given modern hardware.

      --
      Don't blame me, I voted for Baltar.
  8. Re:Ford Comparison by 19thNervousBreakdown · · Score: 4, Insightful

    Or security by economy of effort. As it is, it takes 2 minutes to access the port to reprogram keys. If that port and its wires were buried in the engine so that you had to put the car on a lift and take it half apart to access, they'd move on to easier targets.

    Being able to create duplicate keys from the car itself is great. The lock doesn't have to be unbreakable, just more trouble to break than it's worth.

    --
    <xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>