Slashdot Mirror

← Back to Stories (view on slashdot.org)

BMW Cars Vulnerable To Blank Key Attack

Posted by timothy on from the now-that-is-a-catchy-slogan dept.

Techmeology writes "Thieves have discovered how to steal BMW cars produced since 2006 by using the onboard computer that is able to program blank keys. The device used — originally intended for use by garages — is able to reprogram the key to start the engine in around three minutes. The blank keys, and reprogramming devices, have made their way onto the black market and are available for purchase over the Internet."

24 of 291 comments (clear)

  1. Imagine if this was self-driving car by Googlefu · · Score: 5, Interesting

    Not only would Google's self-driving car be vulnerable to this attack, it would start driving around itself! And you would be responsible for everything the hacked vehicle did.

    I agree with the previous note. It raises some very interesting points and why Google's self-driving cars would be bad. Just imagine if someone hacked your car and it ran over someone.

    1. Re:Imagine if this was self-driving car by Krneki · · Score: 5, Insightful
      It can happen yes, but what is more likely to happen an incompetent/drunk driver running you over or a hacked AI car?

      AI car will not be perfect, but I'm sure as hell they will be much better then the regular Joe.

      --
      Love many, trust a few, do harm to none.
    2. Re:Imagine if this was self-driving car by Googlefu · · Score: 4, Insightful

      If they can't even get "little" details like car locks working, how is full-driven AI going to be any better?

    3. Re:Imagine if this was self-driving car by Anonymous Coward · · Score: 4, Insightful

      Why would you be responsible?
      Are you responsible when someone steals a normal car?

    4. Re:Imagine if this was self-driving car by MetalliQaZ · · Score: 4, Insightful

      Heh. When did Asimov's rules become law?

      Also, just FYI, Asimov created those laws to break them down. He wrote a whole collection of stories that examine how the "3 laws of robotics" can fail.

      --
      "Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
    5. Re:Imagine if this was self-driving car by Krneki · · Score: 5, Insightful

      It's security vs ease of use. Maybe they hopped no one would bother, now they know it and the next model will be more secure. The thing about science is that is moving on, while human driving is not.

      --
      Love many, trust a few, do harm to none.
    6. Re:Imagine if this was self-driving car by Anonymous Coward · · Score: 5, Funny

      BMW driver here. Absolutely correct. I always drive in the middle of the road and I also yell "ka-ching" and "score" when I:

      Knock over bicyclists
      Clip old ladies
      Back up over children
      Pass (usually on the right) morons in Priuses, Smart Cars and other econo-boxes like Hondas and Rustangs.
      Cut off mom-mobiles where the housewives are talking on the cell phone to their mom.

      My driver's seat is usually (partially) filled with a small asian chick with big tits and bigger sunglasses. It is a misnomer that I talk on cell phones while I pass you. In reality, I don't talk on the cell phone because my trophy passenger takes my calls for me.

      However, I wouldn't be caught dead on spandex or on a bike. That's who we run over, man. Why would would a predator become prey?

      Remember, the difference between a porcupine and a BMW is that with a BMW, the pricks are on the inside. Drive safe! Stay out of my way.

    7. Re:Imagine if this was self-driving car by daem0n1x · · Score: 5, Funny

      Just imagine if a locomotive boiler explodes and kill someone. Steam trains are bad. We should use horses.

      Just imagine if a house falls down and people get crushed. Houses are bad. We should live in caves.

      Just imagine if your laptop explodes and you die. Laptops are bad, we should use abacuses.

    8. Re:Imagine if this was self-driving car by DigiShaman · · Score: 4, Interesting

      Take the first law for example

      A robot may not injure a human being or, through inaction, allow a human being to come to harm.

      So a robot walks in a warehouse and finds 100 people all tied up. One of them in the middle has explosives. In this scenario, the robot concludes that the only way to save the other 99 is to kill the one with the explosives. He only has 5 seconds to make a decision.

      What does he do? By the first law, he's screwed no matter what decision he makes. Does he opt for the greater good option and kill the one man to save the 99? Or let all 100 die?

      --
      Life is not for the lazy.
    9. Re:Imagine if this was self-driving car by Pieroxy · · Score: 4, Interesting

      It's not security vs ease of use. It the proof that you should not let a hardware company reinvents itself as a software company. At least not for critical stuff. Whether the car lock is critical or not is another debate.

      Look at drivers for printers or scanners, or GC to see that hardware companies have no shame at all when it comes to releasing software that any software developer would qualify as a pile of smoking shit.

      --
      Write boring code, not shiny code!
    10. Re:Imagine if this was self-driving car by gstovall · · Score: 5, Informative

      Asimov did study this scenario, and it led to the zeroth law, basically known only to the robots.

      0. A robot may not harm humanity, or, by inaction, allow humanity to come to harm.

      As in Star Trek, "The needs of the many outweigh the needs of the few...or the one"

    11. Re:Imagine if this was self-driving car by 1s44c · · Score: 4, Interesting

      "Hey, that's a nice car you have there"
      "Uhh, hi, yeah, thanks"
      "What do you do?"
      "I'm a software developer"
      "Looking for a job? My name is X and I work for...."
      I've verified that those I didn't immediately blow off were indeed mgmt at software companies.

      So, ya'll have fun bashing bmers!

      Are you making this up? Basing recruitment decisions on the car someone drives sounds crazy to me but this is one crazy world.

  2. In other news: by AtomicDevice · · Score: 5, Insightful

    Highly advanced cyber-thieves discover method to steal cars with a coat hanger and a screw driver! Everyone cower in terror!

    Not that this isn't dumb security on BMW's part, but the thing keeping people from stealing your car is their conscience and the police, not your hyper-powerful super-locks. They might keep some dumb teenagers out of your car, but not car thieves who buy blank keys on the black market and learn to reprogram them.

    --
    Ze Atomic Device! It iz Ztolen!
    1. Re:In other news: by 54mc · · Score: 4, Interesting

      I stopped locking my car for a similar reason. Nothing in my car is worth more than the cost of a broken window. I will say that I've lost a few jackets I've left in there during the winter, but, as I said, they were a lot cheaper than a new window.

      --
      Joy! Beautiful spark of the gods!
    2. Re:In other news: by afgam28 · · Score: 4, Informative

      When the car makers all started to introduce engine immobilizers, the rate of car thefts plunged. (An immobilizer is a device that prevents hot wiring)

      If your reasoning was true then immobolizers would not have had any effect.

      Yes a determined and well equipped theif will always find a way in. Unfortunately, most vehicle thefts are opportunistic crimes, and it is definitely worth trying to prevent that by locking your car.

  3. Dupe by Muros · · Score: 5, Informative

    http://news.slashdot.org/story/12/07/10/1657203/hackers-steal-keyless-bmw-in-under-3-minutes

  4. Security and lifetime of your typical car by sinij · · Score: 5, Insightful

    Cars are expected to last at least 10 years, many last much longer, well into mid 20s.

    Such timescales are 'forever' in the sense of IT security. Just look at 'recent' examples - WEP was rolled out around 2000 and is now broken in just a couple minutes. Most cars made in 2000 are still on the road.

    I'd go as far as saying that it is impossible to secure your car for its expected useful life without the use of physical security.

    1. Re:Security and lifetime of your typical car by 0123456 · · Score: 4, Insightful

      PGP is over twenty years old, and I'm not aware of it being broken other than by rubber hoses or brute force on short keys.

      You don't need physical security, you just need security developers of clue.

    2. Re:Security and lifetime of your typical car by iluvcapra · · Score: 4, Insightful

      Note that PGP has changed its encryption and hashing algos several times. A PGP encrypted message today is safe from prying eyes today; a PGP message sent twenty years ago, with the original BassOmatic cypher, is quite vulnerable given modern hardware.

      --
      Don't blame me, I voted for Baltar.
  5. Pricey cars! by cupantae · · Score: 4, Funny

    They cost between 17,000 and more than 100,000 thousand pounds.

    £100,000,000 is too much for any car, let alone one that allows anyone to steal it.

    --
    --
  6. Re:Ford Comparison by Lumpy · · Score: 4, Interesting

    Why so complicated? a simple $3.29 switch that interrupts the power to the fuel pump. Works on 99.98765% of all cars and will foil any thief.

    Flip switch under seat, and leave the car. Thief tries to start car and it acts like it is out of gas. No thief will look under the seat for a switch they have less than 30 seconds to get in and get the car moving or they risk getting caught, so if they cant do a fast smash and grab they move on.

    --
    Do not look at laser with remaining good eye.
  7. Re:Ford Comparison by 19thNervousBreakdown · · Score: 4, Insightful

    Or security by economy of effort. As it is, it takes 2 minutes to access the port to reprogram keys. If that port and its wires were buried in the engine so that you had to put the car on a lift and take it half apart to access, they'd move on to easier targets.

    Being able to create duplicate keys from the car itself is great. The lock doesn't have to be unbreakable, just more trouble to break than it's worth.

    --
    <xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
  8. Re:And the question is by epedersen · · Score: 4, Informative

    and by a bit of a price they meen less then $100 http://www.ebay.com/itm/New-BMW-KEY-PROGRAMMER-/120946886043?pt=Motors_Car_Truck_Parts_Accessories&hash=item1c28ff059b

  9. Passive alarm system. by SternisheFan · · Score: 5, Interesting

    True story. Some years back in N.Y.C. thieves stole a restored vintage car, not knowing the owner had installed his own homemade anti-theft deterrent system. As they're tooling around in Manhattan, the thief who's driving sees a large unlabled red button mounted all by itself in the dash. The guy says to his buddy, "Hey,I wonder what this does...", and presses it. In the middle of a block the engine shuts down, the horn blares, and the car's lights keep flashing on and off. Unable to restart it, the thieves abandon the car, and that owner was laughing when he got it back, unscathed, the same day. So this story shows how you don't always need an expensive complicated alarm system to get the job done.