Sunday, July 15, 2012

Watch Hackers Steal A BMW In Three Minutes

Stolen BMW 1M Coupe Video


There has been an unusual spike in the number of BMWs stolen in the UK this year, with some sources suggesting the number may be 300 cars or higher. The cars are being stolen without activating car alarms or immobilizers. The suspected method used involves the use of devices that plug into the car's OBD port and can program blank key fobs, leaving owners with keys to missing cars. Here's how they do it.


BMW sites and forums have been understandably alarmed about the issue, which is affecting all BMW series models, from the 1 to the X6. The essential theft process varies in detail, but all seem to have a fundamental methodology in common. First, the car is entered, either via nearby RF jammers that block the lock signal from the fob from reaching the car, or, more crudely, by breaking a window, as seen in the video in this post of the 1 Series being stolen.


In cases of the window break, the thieves seem to be exploiting a gap in the car's internal ultrasonic sensor system to avoid tripping the alarm. Once some sort of access to the vehicle is gained, the thieves connect a device to the car's OBD-II connector which gives them access to the car's unique key fob digital ID, allowing them to program a blank key fob to work with the car right then and there.

All cars sold in Europe must permit open and unsecured access to OBD codes, so non-franchised mechanics and garages may read the codes.


BMW is not the only car company to allow key code access through the OBD port, but the recent rash of BMW thefts, compared to other makes, suggests another factor may be at play, possibly a good supply of blank BMW key fobs.


Used key fobs are available, and can usually be reprogrammed for another car of the same model, and new blank fobs are available as well.

2 comments:

Tory said...

That is crazy! Here it takes a real locksmith an hour to get into my car, and these professionals can steal it in under 3 min!

Scott said...

It's reprehensible criminal behaviour, but you have to applaud the ingenuity of some of these thieves! Blocking RF signals of the immobiliser and coding a bogus car key all within a few minutes ... these guys SHOULD be auto-locksmiths and start earning an honest living!