Car thieves root the BMW, make off like bandits

A vulnerability in BMW's keyless ignition system allows thieves to make off with them in under three minutes, possibly via the engine's diagnostic systems. BMW's acknowledged something is amiss, but hasn't done much to fix the problem.

On the car forum 1Addicts, a one-time poster by the name of "stolen1m" uploaded the above video showing how his BMW was stolen in under three minutes. He suspects the thieves used devices that plug into the car's On-Board Diagnostic (ODB) port to program a new keyfob.

In this particular video, there are a few security flaws that the hackers are exploiting simultaneously: there is no sensor that is triggered when the thieves initially break the window, the internal ultrasonic sensor system has a "blind spot" just in front of the OBD port, the OBD port is constantly powered (even when the car is off), and last but not least, it does not require a password. All of this means the thieves can gain complete access to the car without even entering it.

BMW has acknowledged that there is a problem, but is downplaying this particular issue by saying the whole industry struggles with thievery. This is unfortunate given that the evidence seems to point towards BMWs being specifically targeted. Whether that's because they are luxury cars or because they have a security loophole doesn't matter: the point is BMW needs to do something about it.

Hackers steal keyless BMW in under 3 minutes (video) (via /.)


  1. Hmm, we could either treat this as a situation where a manufacturer is guilty of significant negligence, or we could take the opportunity to crack down on ODBC interfaces and similar tools, ideally in a fashion that enhances dealer lock-in and criminalizes research and owner repair while doing little or nothing to halt the activities of thieves…

  2. It was stolen by *pushing* it away? Like, they got into it but couldn’t start it? Is the anti-theft system supposed to prevent this particular variety of theft? I mean, presumably they could drop straps from a helicopter, run them under the car, and fly it away, but I’m not sure I’d blame BMW for that.

    1.  Presumably they pushed it so people in the house wouldn’t be woken by it starting. There’s no knowing if there’re bedrooms right above where the cars are stored, and the windows might well be open on the latch.

    2. Like Fang Xianfu said, they probably pushed it away to start it. The 1M is a sport-tuned car and its pipes are loud. Also, BMW doesn’t offer anti-theft standard. Rather, it’s a very pricey option. Very pricey.

  3. BMW really isn’t lying here. This is the case with practically every modern car. Having a blind spot near the OBD connector (and not having the window trigger the alarm regardless!) is sloppy, but not worth crucifying them. It really is this easy to steal a car, any car, even with all the technology they put in them.

    You can get a OBD2 to USB cable off ebay for less than £10. After that it’s just a matter of knowing what codes to use to add keys to the immobiliser. They don’t normally come with those codes like they do for, say, engine fault codes, but obviously criminals have their sources. I had a new key cut for my car when I bought it as it only came with one. The guy used a proper OBD computer and it took him all of twenty seconds to add the key he’d just cut to the immobiliser. Just pick the make and model off the list, push a button, and turn the key.

    Why have such poor security? Probably two reasons: one, in an industry where second-hand sales are so common, you screw over the second buyer if the previous owner lost the bit of paper with the immobiliser code on it and now buyer number two needs to pay £600 for a new ECU if she wants more keys. That ruins the resale value of your cars and that in turn makes people not want to buy them in the first place.

    The second reason is because you can charge people out the ass for new keys, especially the keyless ones that third-party suppliers can’t source yet because nobody’s reverse-engineered them. £200 per key isn’t uncommon, maybe £300 or more for higher-end models. And you could even keep the piece of paper with the immobiliser code on it when you bring the cars into the country and charge people £15 for a copy of it. Fiat really did that, it’s ridiculous.

    So yeah, car security is crap, and always has been.

  4. If professional car thieves want your car and have three minutes to mess around with it, they’re going to take it. That’s always been the case but now it’s OH NO ELECTRONIC H4X

  5. What’s interesting to me about auto security is comparing it to safe manufacturers. They rate their products based on how long it would take a burglar to crack it open using “standard” tools. The mode of thinking is that a safe isn’t meant to keep your things permanently secure, just keep them safe long enough for a determined burglar to get caught.

    I’m not sure why auto manufacturers haven’t caught on to this, it’s not like the TL ratings or the concepts that underlie them are new innovations. One would think that after losing the battle for so long (car security has always been a joke) they would have given the safe industry some attention and learned from it.

    1. I think something like this DOES exist, but only on the consumer side. There are yearly lists of the most-stolen cars, and I know that when I was looking at new cars, I kept that list in mind. Some cars just get stolen more than others. My dad’s ’89 Maxima was stolen 3 times in the 10 years he owned it. 

      1. And he got it back twice?!  That’s impressive.  Or was it really so bad that the thieves couldn’t be bothered with it…?

  6. “All of this means the thieves can gain complete access to the car without even entering it.”

    I don’t understand how breaking the window and accessing the OBD port implies not “even entering it”?

    1. That’s where I’m confused as well.

      If they have broken the window (without alerting anyone to their presence) then there isn’t much stopping them from stealing it.   Well maybe if you installed a secondary fuel cutoff not tied into the computer, or went Mad Max and hid a stick of dynamite under the floor board, then they might not get away with it.

      -might have to explain why your brand new 1 Series just blew up 3 thieves…but it’s insured right?

      1. I think this story gained ground because people assumed that with these new systems, it would no longer be the case that thieves could so easily and quickly steal your car.

        The car companies are not even necessarily misleading about this, because they don’t have to be – it’s just natural to assume that new security features mean it’s harder to steal.

        Also though, this particular model is produced in small numbers and is considered extremely cool – it’s a driver’s car, not meant to be flashy but meant to drive extremely well (and not at an outrageous price). If you own one of these cars, you are probably going to know enough about cars to know that electronic key systems won’t protect you from theft.

      2. > If they have broken the window then there isn’t much stopping them from stealing it

        Well how about an engine immobilizer system that actually needs a code to deactivate rather than one that can be deactivated without any sort of protection.

  7. [Luddite alert klaxon]
    Computers are fabulously useful because they’re tools of nearly infinite malleability (or ‘hackability’ if you must).  This, i believe, is exactly why you don’t want them in full (non-embedded) form having significant control over anything that’s “mission critical”.   this sounds like Battlestar Galactica paranoia, but it’s really only paranoia of other people.  so don’t want full blown control computers in my cars, or my voting booth.  …or military kill-bots for that matter. 

  8. The ODB port on my car is where I insert my “Return to the 36 Chambers” CD. The OBD port, however, is where the On-Board Diagnostics connection goes. Either way, my Saturn likes it rawwwww, yeah baby I like it rawwwww…

  9. The 1M’s N54 engine high-pressure fuel pump then failed a mile down the road, and all the thieves were arrested.

    -Former 1-series owner

  10. Boy, I feel better about how CCTV will help solve this crime – just look at all those usefully identifying shots of the thieves.

    Actually, it’s pretty amusing that the closes thing we get to a good identifiable shot of a thief is from his trying to obscure the camera.  If he’d just ignored it and gone on like it wasn’t there, there would be no shot of a single thief’s face in the whole thing.

  11. Of course, rather than trying to fix the problem, BMW are trying to blame European Union “right-to-repair” laws that require them to make certain software available to independent garages.

    1. A parking space in New York or London can cost more than a house in the suburbs.

Comments are closed.