A vulnerability in BMW's keyless ignition system allows thieves to make off with them in under three minutes, possibly via the engine's diagnostic systems. BMW's acknowledged something is amiss, but hasn't done much to fix the problem.
On the car forum 1Addicts, a one-time poster by the name of "stolen1m" uploaded the above video showing how his BMW was stolen in under three minutes. He suspects the thieves used devices that plug into the car's On-Board Diagnostic (ODB) port to program a new keyfob.
In this particular video, there are a few security flaws that the hackers are exploiting simultaneously: there is no sensor that is triggered when the thieves initially break the window, the internal ultrasonic sensor system has a "blind spot" just in front of the OBD port, the OBD port is constantly powered (even when the car is off), and last but not least, it does not require a password. All of this means the thieves can gain complete access to the car without even entering it.
BMW has acknowledged that there is a problem, but is downplaying this particular issue by saying the whole industry struggles with thievery. This is unfortunate given that the evidence seems to point towards BMWs being specifically targeted. Whether that's because they are luxury cars or because they have a security loophole doesn't matter: the point is BMW needs to do something about it.