BMW Cars Vulnerable To Blank Key Attack

← Back to Stories (view on slashdot.org)

BMW Cars Vulnerable To Blank Key Attack

Posted by timothy on Thursday September 13, 2012 @02:13AM from the now-that-is-a-catchy-slogan dept.

Techmeology writes "Thieves have discovered how to steal BMW cars produced since 2006 by using the onboard computer that is able to program blank keys. The device used — originally intended for use by garages — is able to reprogram the key to start the engine in around three minutes. The blank keys, and reprogramming devices, have made their way onto the black market and are available for purchase over the Internet."

56 of 291 comments (clear)

Min score:

Reason:

Sort:

Imagine if this was self-driving car by Googlefu · 2012-09-13 02:13 · Score: 5, Interesting

Not only would Google's self-driving car be vulnerable to this attack, it would start driving around itself! And you would be responsible for everything the hacked vehicle did.
I agree with the previous note. It raises some very interesting points and why Google's self-driving cars would be bad. Just imagine if someone hacked your car and it ran over someone.
1. Re:Imagine if this was self-driving car by Krneki · 2012-09-13 02:15 · Score: 5, Insightful
  
  It can happen yes, but what is more likely to happen an incompetent/drunk driver running you over or a hacked AI car?
  AI car will not be perfect, but I'm sure as hell they will be much better then the regular Joe.
  
  --
  Love many, trust a few, do harm to none.
2. Re:Imagine if this was self-driving car by Googlefu · 2012-09-13 02:20 · Score: 4, Insightful
  
  If they can't even get "little" details like car locks working, how is full-driven AI going to be any better?
3. Re:Imagine if this was self-driving car by Anonymous Coward · 2012-09-13 02:20 · Score: 4, Insightful
  
  Why would you be responsible?
  Are you responsible when someone steals a normal car?
4. Re:Imagine if this was self-driving car by MetalliQaZ · 2012-09-13 02:22 · Score: 4, Insightful
  
  Heh. When did Asimov's rules become law?
  Also, just FYI, Asimov created those laws to break them down. He wrote a whole collection of stories that examine how the "3 laws of robotics" can fail.
  
  --
  "Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
5. Re:Imagine if this was self-driving car by The+Grim+Reefer · 2012-09-13 02:26 · Score: 2
  
  It raises some very interesting points and why Google's self-driving cars would be bad. Just imagine if someone hacked your car and it ran over someone.
  Depending on who it runs over, this could be a feature rather than a bad thing.
6. Re:Imagine if this was self-driving car by Krneki · 2012-09-13 02:26 · Score: 5, Insightful
  
  It's security vs ease of use. Maybe they hopped no one would bother, now they know it and the next model will be more secure. The thing about science is that is moving on, while human driving is not.
  
  --
  Love many, trust a few, do harm to none.
7. Re:Imagine if this was self-driving car by Anonymous Coward · 2012-09-13 02:30 · Score: 2, Funny
  
  And when you see a geek, you see a filthy little zero with massive personality disorders, deranged sexual fetishes, completely unsupported arrogance and an impotent, hyper-ideological little shit who deserves to be kicked in the groin or punched in the face (as determined by 20 sided die roll) on an hourly basis as penance for being such an insufferably awful sack of misery.
8. Re:Imagine if this was self-driving car by Anonymous Coward · 2012-09-13 02:36 · Score: 5, Funny
  
  BMW driver here. Absolutely correct. I always drive in the middle of the road and I also yell "ka-ching" and "score" when I:
  Knock over bicyclists
  Clip old ladies
  Back up over children
  Pass (usually on the right) morons in Priuses, Smart Cars and other econo-boxes like Hondas and Rustangs.
  Cut off mom-mobiles where the housewives are talking on the cell phone to their mom.
  My driver's seat is usually (partially) filled with a small asian chick with big tits and bigger sunglasses. It is a misnomer that I talk on cell phones while I pass you. In reality, I don't talk on the cell phone because my trophy passenger takes my calls for me.
  However, I wouldn't be caught dead on spandex or on a bike. That's who we run over, man. Why would would a predator become prey?
  Remember, the difference between a porcupine and a BMW is that with a BMW, the pricks are on the inside. Drive safe! Stay out of my way.
9. Re:Imagine if this was self-driving car by Joce640k · 2012-09-13 02:51 · Score: 3, Insightful
  
  AI car will not be perfect, but I'm sure as hell they will be much better then the regular Joe.
  I can tell you're not a lawyer...
  
  --
  No sig today...
10. Re:Imagine if this was self-driving car by daem0n1x · 2012-09-13 02:55 · Score: 5, Funny
  
  Just imagine if a locomotive boiler explodes and kill someone. Steam trains are bad. We should use horses.
  Just imagine if a house falls down and people get crushed. Houses are bad. We should live in caves.
  Just imagine if your laptop explodes and you die. Laptops are bad, we should use abacuses.
11. Re:Imagine if this was self-driving car by AwesomeMcgee · 2012-09-13 03:12 · Score: 2
  
  Asimov's laws are a straw man argument?? Nonsense, he wouldn't do that to us! No, not him!
12. Re:Imagine if this was self-driving car by DigiShaman · 2012-09-13 03:16 · Score: 4, Interesting
  
  Take the first law for example
  A robot may not injure a human being or, through inaction, allow a human being to come to harm.
  So a robot walks in a warehouse and finds 100 people all tied up. One of them in the middle has explosives. In this scenario, the robot concludes that the only way to save the other 99 is to kill the one with the explosives. He only has 5 seconds to make a decision.
  What does he do? By the first law, he's screwed no matter what decision he makes. Does he opt for the greater good option and kill the one man to save the 99? Or let all 100 die?
  
  --
  Life is not for the lazy.
13. Re:Imagine if this was self-driving car by Pieroxy · 2012-09-13 03:46 · Score: 4, Interesting
  
  It's not security vs ease of use. It the proof that you should not let a hardware company reinvents itself as a software company. At least not for critical stuff. Whether the car lock is critical or not is another debate.
  Look at drivers for printers or scanners, or GC to see that hardware companies have no shame at all when it comes to releasing software that any software developer would qualify as a pile of smoking shit.
  
  --
  Write boring code, not shiny code!
14. Re:Imagine if this was self-driving car by gstovall · 2012-09-13 03:48 · Score: 5, Informative
  
  Asimov did study this scenario, and it led to the zeroth law, basically known only to the robots.
  0. A robot may not harm humanity, or, by inaction, allow humanity to come to harm.
  As in Star Trek, "The needs of the many outweigh the needs of the few...or the one"
15. Re:Imagine if this was self-driving car by Chatsubo · 2012-09-13 04:01 · Score: 3, Interesting
  
  Geek BMW driver here: I only go to work in T-shirts with game logo's on them and jeans. I can't tell you how priceless the looks are when I get out sometimes. This unruly looking nerd?
  BUT, Pro tip: Since driving a 5 I've had multiple job approaches from strangers on the street. I'd go so far as to call it an investment in your career (even if you buy a cheaper 2nd hand one like I did).
  That's not the way it's supposed to be, but my RL experience bears it out. Typical convo (I swear on my grandma's grave, this has really happened to me. Even at a funeral - no relation to grandma):
  "Hey, that's a nice car you have there"
  "Uhh, hi, yeah, thanks"
  "What do you do?"
  "I'm a software developer"
  "Looking for a job? My name is X and I work for...."
  I've verified that those I didn't immediately blow off were indeed mgmt at software companies.
  So, ya'll have fun bashing bmers!
  
  --
  > no, yes, maybe (tagging beta)
16. Re:Imagine if this was self-driving car by 1s44c · 2012-09-13 04:06 · Score: 4, Interesting
  
  "Hey, that's a nice car you have there"
  "Uhh, hi, yeah, thanks"
  "What do you do?"
  "I'm a software developer"
  "Looking for a job? My name is X and I work for...."
  I've verified that those I didn't immediately blow off were indeed mgmt at software companies.
  So, ya'll have fun bashing bmers!
  Are you making this up? Basing recruitment decisions on the car someone drives sounds crazy to me but this is one crazy world.
17. Re:Imagine if this was self-driving car by Joce640k · 2012-09-13 04:57 · Score: 3, Interesting
  
  Nope. Just look at what happened to Toyota, Audi, et. al. because somebody blamed the accelerator pedal for their inability to drive.
  
  --
  No sig today...
18. Re:Imagine if this was self-driving car by tibit · 2012-09-13 05:20 · Score: 3, Insightful
  
  Not any crazier than selecting candidates based on keyword matches in their resumes, I'd think.
  
  --
  A successful API design takes a mixture of software design and pedagogy.
19. Re:Imagine if this was self-driving car by hawguy · 2012-09-13 05:59 · Score: 2
  
  The article is a advertisement soak...
  From the article 'I am pleased to say that we have now had further information from our technical team which means that we will be able to offer the same mitigating measures mentioned in relation to X5 and X6, to any concerned BMW owners, starting within the next eight weeks. This will mean that the car cannot be taken using the piece of equipment you highlight. Of course this will not render the car unstealable, but it will address this particular form of attack.'
  Meaning they have already rendered this thing useless. Until the criminals figure out a way around it...
  Well, I think you mean they *think* they will be able to render this attack useless starting in about 2 months from now, but until their fix makes it into the wild, they really don't know if someone will find an easy way around it.
20. Re:Imagine if this was self-driving car by nitehawk214 · 2012-09-13 06:56 · Score: 3, Funny
  
  And when you see a geek, you see a filthy little zero with massive personality disorders, deranged sexual fetishes, completely unsupported arrogance and an impotent, hyper-ideological little shit who deserves to be kicked in the groin or punched in the face (as determined by 20 sided die roll) on an hourly basis as penance for being such an insufferably awful sack of misery.
  So what are the other 18 things that deserve to be done to them?
  Actually if you are determining how do beat someone up via 20 sided die roll... you probably are a geek. A geek with a lot of issues.
  
  --
  I'm a good cook. I'm a fantastic eater. - Steven Brust
21. Re:Imagine if this was self-driving car by DarwinSurvivor · 2012-09-13 17:15 · Score: 2
  
  Not 1 person was ever able to provide any evidence that there was anything wrong with the cars. In the only report I ever saw that listed incidents, a large percentage of the drivers (the report only had about 10 incidents) were elderly, so there's a good chance it was driver error.
And the question is by Psicopatico · 2012-09-13 02:18 · Score: 3, Funny

FTFA:

Amazingly, the blank keys and the device are both available to buy at a bit of a price on the internet.
And the question is: how many BitCoins does those cost?

--
Mastering the English language is fucking easy: all you have to do is to put an f* word in every fucking sentence.
1. Re:And the question is by epedersen · 2012-09-13 04:20 · Score: 4, Informative
  
  and by a bit of a price they meen less then $100 http://www.ebay.com/itm/New-BMW-KEY-PROGRAMMER-/120946886043?pt=Motors_Car_Truck_Parts_Accessories&hash=item1c28ff059b
Ford Comparison by Anonymous Coward · 2012-09-13 02:19 · Score: 2, Interesting

I know ford around the same era required other valid keys to be present when the new key was programmed. I'm surprised BMW didn't have a similar requirement
1. Re:Ford Comparison by TWX · 2012-09-13 02:28 · Score: 3, Insightful
  
  I'm not surprised.
  
  Essentially no one thinks about security, or more accurately, while one team is thinking about security, another team is thinking about something that totally and completely bypasses that security.
  
  And as for Ford, there was an article in Wired several years ago about the possible failure of immobilizer systems in various Ford/Lincoln vehicles.
  
  In my opinion, if there's a legitimate way to make the vehicle move, there's a way to make the vehicle move. If you don't want the vehicle to move then you need to remove something from it that makes it move, preferably something that a thief wouldn't normally bring with them, like a coil wire on a vehicle with a distributor, or a fuel pump relay or ASD relay, or something like that. Come to think of it, one could probably relocate such a relay to the passenger compartment to allow one to use the relay itself like a key, removing it to immobilize the vehicle.
  
  Either way though, relying on an electronic means from an automaker is foolish.
  
  --
  Do not look into laser with remaining eye.
2. Re:Ford Comparison by mlts · 2012-09-13 02:33 · Score: 3, Interesting
  
  There is that, or use security by obscurity. For example, on Ford PATS systems, one can put a switch in on the circuit of the ignition antenna which reads the key's RFID chip.
  Flip the switch, and even if a thief was able to clone a 40 (S) or 80 bit (SA) PATS key, they will still be stuck scratching their head as the ignition still wouldn't start.
  Of course, this doesn't mean that the thief will not resort to vandalism, but it will mean the vehicle most likely will remain in the same spot unless towed.
3. Re:Ford Comparison by swb · 2012-09-13 02:58 · Score: 2
  
  I've seen this technique used before. A landscaper I knew had a hidden key lock than interrupted the electronics on a Bobcat, and my dad's business had some numeric keypad switches that did the same thing installed in some of the business cars they had.
  The keypad would be easy to defeat if you had a shop and could trace the wires, but the keypad itself had a bunch of wires in/out that couldn't just be randomly spliced by a thief. I think there might have been some other module under the hood, too, that made it more complicated.
4. Re:Ford Comparison by Joce640k · 2012-09-13 02:59 · Score: 2
  
  I remember opening a friend's Peugeot with my HP200LX and a TV remote control emulator.
  The keys used an infra-red system with a receiver above the rear view mirror.
  
  --
  No sig today...
5. Re:Ford Comparison by Lumpy · 2012-09-13 03:28 · Score: 4, Interesting
  
  Why so complicated? a simple $3.29 switch that interrupts the power to the fuel pump. Works on 99.98765% of all cars and will foil any thief.
  Flip switch under seat, and leave the car. Thief tries to start car and it acts like it is out of gas. No thief will look under the seat for a switch they have less than 30 seconds to get in and get the car moving or they risk getting caught, so if they cant do a fast smash and grab they move on.
  
  --
  Do not look at laser with remaining good eye.
6. Re:Ford Comparison by 19thNervousBreakdown · 2012-09-13 04:18 · Score: 4, Insightful
  
  Or security by economy of effort. As it is, it takes 2 minutes to access the port to reprogram keys. If that port and its wires were buried in the engine so that you had to put the car on a lift and take it half apart to access, they'd move on to easier targets.
  Being able to create duplicate keys from the car itself is great. The lock doesn't have to be unbreakable, just more trouble to break than it's worth.
  
  --
  <xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
7. Re:Ford Comparison by CanHasDIY · 2012-09-13 04:49 · Score: 3, Interesting
  
  So put the switch different places in different installs. Under the seat, in the glovebox, and under the dash (above the accelerator) all come to mind. Better yet, repurpose an unused factory switch, or find a factory switch you don't really use, put that elsewhere, and hook the old switch up to the fuel pump. Maybe you have to push the tire pressure monitoring system reset button before the car will start...
  This is security by obscurity, but when it's different and non-obvious on each car, it's good stuff.
  No, that's not "security through obscurity," it's "security through ridiculously circuitous nonsense."
  
  Most modern cars, i.e. the type to have a tyre pressure monitoring reset button, don't like it when people start hacking up their wiring harnesses. And by "don't like it," I of course mean "will refuse to start until a professional technician fixes all the wiring you fucked up."
  
  Not that a fuel pump cut-off switch is a bad idea, but your suggestions on placement and operation indicate a fundamental lack of knowledge concerning modern automotive systems.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
8. Re:Ford Comparison by Dayze!Confused · 2012-09-13 05:19 · Score: 3, Interesting
  
  I had a friend who's car had to have the headlights turned on or else it would honk if you tried to turn the ignition. That was a wacky way to keep people from stealing your car.
  
  --
  "All tyranny needs to gain a foothold is for people of good conscience to remain silent." [Thomas Jefferson]
9. Re:Ford Comparison by Obfuscant · 2012-09-13 07:37 · Score: 2
  
  A friend of mine has a van that can be opened up with a magnet held at the lower right corner of the rear window. It's the "magic key" system they installed in his handicapped accessible van that opens the side door. Freaked him out when I pulled a magnet out of my pocket one day and opened his door for him.
In other news: by AtomicDevice · 2012-09-13 02:21 · Score: 5, Insightful

Highly advanced cyber-thieves discover method to steal cars with a coat hanger and a screw driver! Everyone cower in terror!
Not that this isn't dumb security on BMW's part, but the thing keeping people from stealing your car is their conscience and the police, not your hyper-powerful super-locks. They might keep some dumb teenagers out of your car, but not car thieves who buy blank keys on the black market and learn to reprogram them.

--
Ze Atomic Device! It iz Ztolen!
1. Re:In other news: by rot26 · 2012-09-13 02:28 · Score: 3, Insightful
  
  PREVENT crime?
  
  You're thinking of some organization other than the police. They're just there to fill out the paperwork afterward.
  
  --
  
  To ensure perfect aim, shoot first and call whatever you hit the target
2. Re:In other news: by dywolf · 2012-09-13 02:33 · Score: 3, Interesting
  
  Why I rarely bother to lock my car. Granted its an older model. Truth is, ya, a determined theif will steal the car about as quickly as I can unlock the door and start it normally with the key. Most people aren't so motivated, and governed by basic morals. As long as the key isnt in the car, and there's nothing worth stealing in the car, and I'm in a reasonably low crime area, the car is gonna be fine in all likelihood. Just as well since hte lock has started acting finicky about 6 months ago. I really need to take it apart and degrime it with some WD or something.
  
  --
  The guy who said the election was rigged won the presidency with the second-most votes.
3. Re:In other news: by jeffmeden · 2012-09-13 02:36 · Score: 3, Interesting
  
  Highly advanced cyber-thieves discover method to steal cars with a coat hanger and a screw driver! Everyone cower in terror!
  Not that this isn't dumb security on BMW's part, but the thing keeping people from stealing your car is their conscience and the police, not your hyper-powerful super-locks. They might keep some dumb teenagers out of your car, but not car thieves who buy blank keys on the black market and learn to reprogram them.
  The seemingly odd thing is that there are other implementations that work the same way (I have seen this done to Honda cars many many times) but don't suffer from this kind of attack, since the car computer purposefully responds very very slowly to the reprogram command. Leave it to those hyper-efficient Germans to think that reducing the time required was a good thing.
4. Re:In other news: by 54mc · 2012-09-13 02:36 · Score: 4, Interesting
  
  I stopped locking my car for a similar reason. Nothing in my car is worth more than the cost of a broken window. I will say that I've lost a few jackets I've left in there during the winter, but, as I said, they were a lot cheaper than a new window.
  
  --
  Joy! Beautiful spark of the gods!
5. Re:In other news: by Anonymous Coward · 2012-09-13 03:44 · Score: 3, Insightful
  
  Yes, but do you think the crook would have broken a window to get your coat?
6. Re:In other news: by afgam28 · 2012-09-13 03:45 · Score: 4, Informative
  
  When the car makers all started to introduce engine immobilizers, the rate of car thefts plunged. (An immobilizer is a device that prevents hot wiring)
  If your reasoning was true then immobolizers would not have had any effect.
  Yes a determined and well equipped theif will always find a way in. Unfortunately, most vehicle thefts are opportunistic crimes, and it is definitely worth trying to prevent that by locking your car.
7. Re:In other news: by localman57 · 2012-09-13 05:13 · Score: 2
  
  What difference does it make? It's not like you're going to roll up the windows if there's a hobo pile in the back seat.
and after the fix all work must be done dealership by Joe_Dragon · 2012-09-13 02:22 · Score: 2

and after the fix all work must be done dealership
Dupe by Muros · 2012-09-13 02:24 · Score: 5, Informative

http://news.slashdot.org/story/12/07/10/1657203/hackers-steal-keyless-bmw-in-under-3-minutes
Security and lifetime of your typical car by sinij · 2012-09-13 02:27 · Score: 5, Insightful

Cars are expected to last at least 10 years, many last much longer, well into mid 20s.

Such timescales are 'forever' in the sense of IT security. Just look at 'recent' examples - WEP was rolled out around 2000 and is now broken in just a couple minutes. Most cars made in 2000 are still on the road.

I'd go as far as saying that it is impossible to secure your car for its expected useful life without the use of physical security.
1. Re:Security and lifetime of your typical car by 0123456 · 2012-09-13 02:40 · Score: 4, Insightful
  
  PGP is over twenty years old, and I'm not aware of it being broken other than by rubber hoses or brute force on short keys.
  You don't need physical security, you just need security developers of clue.
2. Re:Security and lifetime of your typical car by iluvcapra · 2012-09-13 05:52 · Score: 4, Insightful
  
  Note that PGP has changed its encryption and hashing algos several times. A PGP encrypted message today is safe from prying eyes today; a PGP message sent twenty years ago, with the original BassOmatic cypher, is quite vulnerable given modern hardware.
  
  --
  Don't blame me, I voted for Baltar.
Its a key recovery problem... by nweaver · 2012-09-13 02:27 · Score: 3, Informative

(Since its a duplicate post, I'm going to include my reply from the last time it was posted)
The basic design flaw is how key duplication/recovery is handled.
On my motorcycle (a Concours 14 with keyless ignition), to program a new key you need an existing key, to tell the computer "hey, this is the new key to use". The disadvantage is, naturally, if you lose all your keys, you need to replace the computer!
But its better than the alternative. On the BMW, all you need to do is plug into the OOBDII port and tell the computer "Here is the new key". This means if you lose all your keys, you don't have to buy a new computer... But it also means that anyone who can break into the car can create a key and drive off.

--
Test your net with Netalyzr
1. Re:Its a key recovery problem... by mlts · 2012-09-13 02:45 · Score: 2
  
  Ford is similar to the Concours -- to add a new key, you need two existing keys to the system.
  Of course, if one loses a key, one can get a programmer for a Ford. However what the vehicle does to slow down a thief who has two cut keys is force a 10 minute wait cycle until security functions are accessible. Then keys can be added and removed.
  The wait time isn't perfect -- someone's car that is tucked away somewhere remote can be accessed, but compared to having to replace the computer [1], it is a decent compromise.
  There has to be a balance somewhere between "crap, lost all keys, time to replace ECM/TCM/audio system/etc." versus "plug device in, hotwire vehicle, drive off."
  [1]: Mercedes systems from what I've seen are pretty secure, but if has to delete more then eight keys over the vehicle's lifetime, a good chunk of the car computer will need replaced.
Pricey cars! by cupantae · 2012-09-13 02:28 · Score: 4, Funny

They cost between 17,000 and more than 100,000 thousand pounds.
£100,000,000 is too much for any car, let alone one that allows anyone to steal it.

--
--
No, it's worse by dutchwhizzman · 2012-09-13 02:45 · Score: 3, Informative

All you have to do in the BMW is to tell te computer "This is a blank key, please put one of the legible, unencrypted 10 passwords you have in you on the blank key". The other keys already issued would still work and you could even program keys with them as well, just not using the car itself.

--
I was promised a flying car. Where is my flying car?
This is /. not /b/ by SmallFurryCreature · 2012-09-13 03:03 · Score: 2

On /b/ you can be certain, he is talking about his kids.
On /. you can be certain, whenever someone is talking about sex, he is lying.

--

MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Re:Buy vintage BMWs! by Pope · 2012-09-13 03:35 · Score: 3, Informative

Hell, the old R series motorcycles from the late 60s/early 70s had ONE key for every model! Want someone else's R60? Just use your key and start 'er up.

--
It doesn't mean much now, it's built for the future.
Re:Stolen in 3 minutes? by Lluc · 2012-09-13 03:43 · Score: 2

All you need to stop this is a car alarm and a .357 magnum.
You really just need the .357 magnum -- if you shoot the car enough times in the correct place, I guarantee a thief will not be able to drive it away.
Re:this works great though by characterZer0 · 2012-09-13 04:31 · Score: 3, Insightful

If you're too much of a lazy fat ass to crank-start your engine and you need to turn a metal key, you deserve to get your car stolen.

--
Go green: turn off your refrigerator.
Passive alarm system. by SternisheFan · 2012-09-13 05:02 · Score: 5, Interesting

True story. Some years back in N.Y.C. thieves stole a restored vintage car, not knowing the owner had installed his own homemade anti-theft deterrent system. As they're tooling around in Manhattan, the thief who's driving sees a large unlabled red button mounted all by itself in the dash. The guy says to his buddy, "Hey,I wonder what this does...", and presses it. In the middle of a block the engine shuts down, the horn blares, and the car's lights keep flashing on and off. Unable to restart it, the thieves abandon the car, and that owner was laughing when he got it back, unscathed, the same day. So this story shows how you don't always need an expensive complicated alarm system to get the job done.