BMW Traps A Car Thief By Remotely Locking His Doors

An anonymous reader quotes CNET: Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal... Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (November 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," wrote Jonah Spangenthal-Lee [deputy director of communications for the Seattle Police Department].

The suspect found a key fob mistakenly left inside the BMW by a friend who'd borrowed the car from the owner and the alleged crime was on. But technology triumphed. When the owner, who'd just gotten married a day earlier, discovered the theft, the police contacted BMW corporate, who tracked the car to Seattle's Ravenna neighborhood.
The 38-year-old inside was then booked for both auto theft and possession of methamphetamine.

What danger ?

[DrYak]

In an emergency, you're supposed to be able to break a car's side windows.

I supposed the "sun-cooked" guy had passed out (alcohol ? heat shock, while he was asleep ?) before realising he should get out of the car.

I'm more surprised that the thief didn't try to break out of the car. But, on the other hand the lock has happened while he was napping inside the car, so he might not have realised what had happened and did not release he should run away as fast as possible before the police arrives.

I would be much more worried about the remote disabling of the car :
- was some form of owner's access required in order to do the disabling ? (i.e.: the owner's second fob is needed in order to validate the instruction to lock and ignore the stolen fob ?)
- or does any sufficiently high executive at BMW have the power to shut down any random car ?

Also : is the remote access limited to very simple instruction (locking doors and revoking fobs - which as mentioned above shouldn't be dangerous except under special circumstances) or can the car be remotely shut down while it is driving ?

Re:I call bullshit.

[Zocalo]

The article is light on details as to how the emergency unlock got overridden - maybe the guy was just high and was tricked, but maybe BMW's double-pull safety/security feature gave them a window of opportunity that let them do this. If BMW were repeatedly sending the central lock signal to the car at a faster rate than the recently woken (and potentially also doped up) thief could do the double-pull, then perhaps that would be enough to keep the doors locked. We also have no idea from TFA how long they kept the doors locked for; it might only have been a few minutes, or possibly even less than that. It's entirely possible it was less than the time that the recently woken thief would have taken to gather hits wits and try something else like, say, opening/breaking a window and climbing out.

Re:Dangerous

[Aereus]

Suppose it depends on the water depth. I know I'd rather not wait for the cabin to flood if I were sinking in a lake. You might be pretty deep before you could get the door open and try to swim to the surface.

That's kidnapping

Sorry, but that is Felony kidnapping. A carmaker has no right to confine someone against their will, and Police have no right to make up the Law as they go along and confer that ability on someone who is not an agent of the State charged specifically with that power.

Police do not have the right to waive the kidnapping laws.

Re:Happy ending, but

[mlts]

If it came down to allowing someone from remote to lock the vehicle, preventing egress and disable the starter versus just making a claim to the insurance company, I'd rather forgo the remote locking and if the item is stolen, deal with the insurance company and see about a replacement vehicle, for a few reasons:

1: Usually a recovered vehicle is trashed big time, and you never know if sometime down the line you might have a dog search at a checkpoint (anyone travelling on I-10 knows about this) yield something the thieves put there in the way of illegal substances.

2: The vehicle can have a failure and lock someone in. At best, it means smashing a window to get out.

3: Most importantly, right now, it might just be a vehicle maker that can do this from remote... but it is only a matter of time before someone hacks that, and in a 104 degree day, someone decides to stall and double-lock all BMWs on the roads, forcing rescue teams to go vehicle by vehicle to get people out before they expire. Or, even more insidiously, during an evacuation, disable and lock all vehicles, ensuring nobody is able to exit a city before a hurricane strikes. The hacking team that manages to do this to OnStar will be forever immortalized.

And this already has happened on a smaller scale. Here in Austin a few years ago, a disgruntled employee logged into a used car dealership's system and disabled 100+ vehicles that were sold by that dealer, where they stalled in the road and started honking their horns. If a guy with a former employee username/PW can do that, imagine what a state sponsored group can do if/when they feel like that, especially with the mindset of most US companies being that security has no ROI.

tl;dr, keep the remote kill switches. It is only a matter of time before that stuff gets hacked, and perhaps used for ransom ("pay us 2 BTC, or else your car will be disabled and your engine's ECU fried in 12 hours.")