Forgot your password?
typodupeerror
Security Crime Transportation Technology

BMW Cars Vulnerable To Blank Key Attack 291

Posted by timothy
from the now-that-is-a-catchy-slogan dept.
Techmeology writes "Thieves have discovered how to steal BMW cars produced since 2006 by using the onboard computer that is able to program blank keys. The device used — originally intended for use by garages — is able to reprogram the key to start the engine in around three minutes. The blank keys, and reprogramming devices, have made their way onto the black market and are available for purchase over the Internet."
This discussion has been archived. No new comments can be posted.

BMW Cars Vulnerable To Blank Key Attack

Comments Filter:
  • by Googlefu (2729517) on Thursday September 13, 2012 @10:13AM (#41323271)

    Not only would Google's self-driving car be vulnerable to this attack, it would start driving around itself! And you would be responsible for everything the hacked vehicle did.

    I agree with the previous note. It raises some very interesting points and why Google's self-driving cars would be bad. Just imagine if someone hacked your car and it ran over someone.

    • by Krneki (1192201) on Thursday September 13, 2012 @10:15AM (#41323311)
      It can happen yes, but what is more likely to happen an incompetent/drunk driver running you over or a hacked AI car?

      AI car will not be perfect, but I'm sure as hell they will be much better then the regular Joe.

      • by Googlefu (2729517) on Thursday September 13, 2012 @10:20AM (#41323377)
        If they can't even get "little" details like car locks working, how is full-driven AI going to be any better?
        • by Krneki (1192201) on Thursday September 13, 2012 @10:26AM (#41323483)
          It's security vs ease of use. Maybe they hopped no one would bother, now they know it and the next model will be more secure. The thing about science is that is moving on, while human driving is not.
          • by Pieroxy (222434) on Thursday September 13, 2012 @11:46AM (#41324609) Homepage

            It's not security vs ease of use. It the proof that you should not let a hardware company reinvents itself as a software company. At least not for critical stuff. Whether the car lock is critical or not is another debate.

            Look at drivers for printers or scanners, or GC to see that hardware companies have no shame at all when it comes to releasing software that any software developer would qualify as a pile of smoking shit.

        • by geekoid (135745)

          Engineering.

      • by Joce640k (829181) on Thursday September 13, 2012 @10:51AM (#41323901) Homepage

        AI car will not be perfect, but I'm sure as hell they will be much better then the regular Joe.

        I can tell you're not a lawyer...

    • by Anonymous Coward on Thursday September 13, 2012 @10:20AM (#41323381)

      Why would you be responsible?
      Are you responsible when someone steals a normal car?

    • It raises some very interesting points and why Google's self-driving cars would be bad. Just imagine if someone hacked your car and it ran over someone.

      Depending on who it runs over, this could be a feature rather than a bad thing.

    • by daem0n1x (748565) on Thursday September 13, 2012 @10:55AM (#41323969)

      Just imagine if a locomotive boiler explodes and kill someone. Steam trains are bad. We should use horses.

      Just imagine if a house falls down and people get crushed. Houses are bad. We should live in caves.

      Just imagine if your laptop explodes and you die. Laptops are bad, we should use abacuses.

    • If a self driving car makes a mistake, then it is an industrial accident. We already have laws for that situation.
    • No.

      It's a very, very different thing to get a computer to:
      a) Do something it's programmed to do (like start up and drive around safely), but for the wrong person.
      b) Do something it has NOT been programmed to do (drive unsafely).

      You can't just conflate the two with "hacking the system", as they are COMPLETELY different physically, electronically, logically and mathematically.

  • by Psicopatico (1005433) <psicopatico@acca ... elrutto.zzn.com> on Thursday September 13, 2012 @10:18AM (#41323349)
    FTFA:

    Amazingly, the blank keys and the device are both available to buy at a bit of a price on the internet.

    And the question is: how many BitCoins does those cost?

  • Ford Comparison (Score:2, Interesting)

    by Anonymous Coward

    I know ford around the same era required other valid keys to be present when the new key was programmed. I'm surprised BMW didn't have a similar requirement

    • Re:Ford Comparison (Score:4, Insightful)

      by TWX (665546) on Thursday September 13, 2012 @10:28AM (#41323519)
      I'm not surprised.

      Essentially no one thinks about security, or more accurately, while one team is thinking about security, another team is thinking about something that totally and completely bypasses that security.

      And as for Ford, there was an article in Wired several years ago about the possible failure of immobilizer systems in various Ford/Lincoln vehicles.

      In my opinion, if there's a legitimate way to make the vehicle move, there's a way to make the vehicle move. If you don't want the vehicle to move then you need to remove something from it that makes it move, preferably something that a thief wouldn't normally bring with them, like a coil wire on a vehicle with a distributor, or a fuel pump relay or ASD relay, or something like that. Come to think of it, one could probably relocate such a relay to the passenger compartment to allow one to use the relay itself like a key, removing it to immobilize the vehicle.

      Either way though, relying on an electronic means from an automaker is foolish.
      • Re:Ford Comparison (Score:4, Interesting)

        by mlts (1038732) * on Thursday September 13, 2012 @10:33AM (#41323607)

        There is that, or use security by obscurity. For example, on Ford PATS systems, one can put a switch in on the circuit of the ignition antenna which reads the key's RFID chip.

        Flip the switch, and even if a thief was able to clone a 40 (S) or 80 bit (SA) PATS key, they will still be stuck scratching their head as the ignition still wouldn't start.

        Of course, this doesn't mean that the thief will not resort to vandalism, but it will mean the vehicle most likely will remain in the same spot unless towed.

        • An excellent example of physical security...and how physical security will trump electronic security every time. Just ask the crew of the Battlestar Galactica.
        • Re:Ford Comparison (Score:5, Interesting)

          by Lumpy (12016) on Thursday September 13, 2012 @11:28AM (#41324423) Homepage

          Why so complicated? a simple $3.29 switch that interrupts the power to the fuel pump. Works on 99.98765% of all cars and will foil any thief.

          Flip switch under seat, and leave the car. Thief tries to start car and it acts like it is out of gas. No thief will look under the seat for a switch they have less than 30 seconds to get in and get the car moving or they risk getting caught, so if they cant do a fast smash and grab they move on.

          • by 0123456 (636235)

            Someone did this in one of my old cars before I bought it. Worked OK until the switch burned out and the car wouldn't start. That left me sitting at the side of the road pulling wires out from under the dashboard, which lead to an interesting conversation with the police when they drove past...

        • Re:Ford Comparison (Score:5, Insightful)

          by 19thNervousBreakdown (768619) <davec-slashdot@l ... t ['per' in gap]> on Thursday September 13, 2012 @12:18PM (#41324965) Homepage

          Or security by economy of effort. As it is, it takes 2 minutes to access the port to reprogram keys. If that port and its wires were buried in the engine so that you had to put the car on a lift and take it half apart to access, they'd move on to easier targets.

          Being able to create duplicate keys from the car itself is great. The lock doesn't have to be unbreakable, just more trouble to break than it's worth.

      • by swb (14022)

        I've seen this technique used before. A landscaper I knew had a hidden key lock than interrupted the electronics on a Bobcat, and my dad's business had some numeric keypad switches that did the same thing installed in some of the business cars they had.

        The keypad would be easy to defeat if you had a shop and could trace the wires, but the keypad itself had a bunch of wires in/out that couldn't just be randomly spliced by a thief. I think there might have been some other module under the hood, too, that

    • by rwise2112 (648849)
      I remember a while back, you could unlock Fords remotely with a Palm Pilot app.
      • by Joce640k (829181)

        I remember opening a friend's Peugeot with my HP200LX [wikipedia.org] and a TV remote control emulator.

        The keys used an infra-red system with a receiver above the rear view mirror.

        • by Obfuscant (592200)
          A friend of mine has a van that can be opened up with a magnet held at the lower right corner of the rear window. It's the "magic key" system they installed in his handicapped accessible van that opens the side door. Freaked him out when I pulled a magnet out of my pocket one day and opened his door for him.
    • I know ford around the same era required other valid keys to be present when the new key was programmed. I'm surprised BMW didn't have a similar requirement

      This isn't the same thing. You're talking about a consumer being able to program their own key. Typically, you have to have two valid keys to program a third, so a valet can't do it with one key. But cars typically come with only two keys. If you lose one, you can't program a new one yourself. You have to take it to a dealership who has a backdoor to program more keys through the CAN network. The BMW theives are exploiting this backdoor. Some of these details vary a bit for maker to maker, model to m

  • No more waiting around for a dog to crap out the 'laser encoded' keys he ate.
    Oh, and i know Nick Cage sucks, but thats my girls favorite movie and it always makes her horny. So yeah, I have seen it too many times.
  • In other news: (Score:5, Insightful)

    by AtomicDevice (926814) on Thursday September 13, 2012 @10:21AM (#41323407)

    Highly advanced cyber-thieves discover method to steal cars with a coat hanger and a screw driver! Everyone cower in terror!

    Not that this isn't dumb security on BMW's part, but the thing keeping people from stealing your car is their conscience and the police, not your hyper-powerful super-locks. They might keep some dumb teenagers out of your car, but not car thieves who buy blank keys on the black market and learn to reprogram them.

    • Re: (Score:3, Insightful)

      by rot26 (240034)
      PREVENT crime?

      You're thinking of some organization other than the police. They're just there to fill out the paperwork afterward.
    • Re:In other news: (Score:4, Interesting)

      by dywolf (2673597) on Thursday September 13, 2012 @10:33AM (#41323609)

      Why I rarely bother to lock my car. Granted its an older model. Truth is, ya, a determined theif will steal the car about as quickly as I can unlock the door and start it normally with the key. Most people aren't so motivated, and governed by basic morals. As long as the key isnt in the car, and there's nothing worth stealing in the car, and I'm in a reasonably low crime area, the car is gonna be fine in all likelihood. Just as well since hte lock has started acting finicky about 6 months ago. I really need to take it apart and degrime it with some WD or something.

      • Re:In other news: (Score:5, Interesting)

        by 54mc (897170) <samuelmcraven @ g mail.com> on Thursday September 13, 2012 @10:36AM (#41323663)
        I stopped locking my car for a similar reason. Nothing in my car is worth more than the cost of a broken window. I will say that I've lost a few jackets I've left in there during the winter, but, as I said, they were a lot cheaper than a new window.
        • Re: (Score:3, Insightful)

          by Anonymous Coward

          Yes, but do you think the crook would have broken a window to get your coat?

      • by gstoddart (321705)

        Why I rarely bother to lock my car. Granted its an older model. Truth is, ya, a determined theif will steal the car about as quickly as I can unlock the door and start it normally with the key.

        A truly motivated and resourceful criminal would just show up with a tow truck. Nobody would even look at a tow-truck taking away a car.

        But, the locks keep the casual/incompetent ones away.

        Though, years ago I used to have a Jeep ... my friend pointed out that locking it was futile because it was basically a tent on w

        • +1 Tow truck theft

          That's how I lost my first car (a VW Beetle that would stall at any stop light unless you gently caressed the gas pedal with your toe while keeping the brake down with your heel). Security guard didn't pay any attention to the seemingly legit tow truck that hauled it away...

      • Re:In other news: (Score:5, Informative)

        by afgam28 (48611) on Thursday September 13, 2012 @11:45AM (#41324607)

        When the car makers all started to introduce engine immobilizers, the rate of car thefts plunged. (An immobilizer is a device that prevents hot wiring)

        If your reasoning was true then immobolizers would not have had any effect.

        Yes a determined and well equipped theif will always find a way in. Unfortunately, most vehicle thefts are opportunistic crimes, and it is definitely worth trying to prevent that by locking your car.

        • by dywolf (2673597)

          mean the little proximity things? never owned one. and the stories of thieves just snatching out of your hand or shoving you into the car and taking off amuse me. but lotta cars still dont have em, like me wifes new (to us) 2009 jeep. still bypassable from all that i ever read about em. after all, shit happens and you gotta be able to start it somehow. and that knowledge spreads. its not some miracle tech.

          and define worth it? whats the worth is taking time to stop something that simply isnt going to happen

    • Re:In other news: (Score:4, Interesting)

      by jeffmeden (135043) on Thursday September 13, 2012 @10:36AM (#41323655) Homepage Journal

      Highly advanced cyber-thieves discover method to steal cars with a coat hanger and a screw driver! Everyone cower in terror!

      Not that this isn't dumb security on BMW's part, but the thing keeping people from stealing your car is their conscience and the police, not your hyper-powerful super-locks. They might keep some dumb teenagers out of your car, but not car thieves who buy blank keys on the black market and learn to reprogram them.

      The seemingly odd thing is that there are other implementations that work the same way (I have seen this done to Honda cars many many times) but don't suffer from this kind of attack, since the car computer purposefully responds very very slowly to the reprogram command. Leave it to those hyper-efficient Germans to think that reducing the time required was a good thing.

  • by Joe_Dragon (2206452) on Thursday September 13, 2012 @10:22AM (#41323415)

    and after the fix all work must be done dealership

  • by sinij (911942) on Thursday September 13, 2012 @10:27AM (#41323487) Journal
    Cars are expected to last at least 10 years, many last much longer, well into mid 20s.

    Such timescales are 'forever' in the sense of IT security. Just look at 'recent' examples - WEP was rolled out around 2000 and is now broken in just a couple minutes. Most cars made in 2000 are still on the road.

    I'd go as far as saying that it is impossible to secure your car for its expected useful life without the use of physical security.
  • by nweaver (113078) on Thursday September 13, 2012 @10:27AM (#41323509) Homepage

    (Since its a duplicate post, I'm going to include my reply from the last time it was posted)

    The basic design flaw is how key duplication/recovery is handled.

    On my motorcycle (a Concours 14 with keyless ignition), to program a new key you need an existing key, to tell the computer "hey, this is the new key to use". The disadvantage is, naturally, if you lose all your keys, you need to replace the computer!

    But its better than the alternative. On the BMW, all you need to do is plug into the OOBDII port and tell the computer "Here is the new key". This means if you lose all your keys, you don't have to buy a new computer... But it also means that anyone who can break into the car can create a key and drive off.

    • by mlts (1038732) *

      Ford is similar to the Concours -- to add a new key, you need two existing keys to the system.

      Of course, if one loses a key, one can get a programmer for a Ford. However what the vehicle does to slow down a thief who has two cut keys is force a 10 minute wait cycle until security functions are accessible. Then keys can be added and removed.

      The wait time isn't perfect -- someone's car that is tucked away somewhere remote can be accessed, but compared to having to replace the computer [1], it is a decent co

    • No, it's worse (Score:4, Informative)

      by dutchwhizzman (817898) on Thursday September 13, 2012 @10:45AM (#41323809)
      All you have to do in the BMW is to tell te computer "This is a blank key, please put one of the legible, unencrypted 10 passwords you have in you on the blank key". The other keys already issued would still work and you could even program keys with them as well, just not using the car itself.
    • by Lumpy (12016)

      Whoever told you that lied. You can get new keyfobs programmed at the dealer if you have no keys.

  • by cupantae (1304123) <maroneill AT gmail DOT com> on Thursday September 13, 2012 @10:28AM (#41323513)

    They cost between 17,000 and more than 100,000 thousand pounds.

    £100,000,000 is too much for any car, let alone one that allows anyone to steal it.

  • ....like my personal favorite, the 2002. Sure, it can still be stolen using much less sophisticated equipment, but its arguably cooler than many of the modern iterations and a lot easier on your checkbook.

    • by sinij (911942)
      Love 2002, much better than 1 and 3 series cars offered today.

      I own multiple classic cars, but for your typical "must start every morning" commute use they are not practical. Plus, you have to be technically inclined or filthy rich to keep them on the road.

      If you are kind of person that never changed their own oil - classic/vintage cars are not for you.
    • Re:Buy vintage BMWs! (Score:4, Informative)

      by Pope (17780) on Thursday September 13, 2012 @11:35AM (#41324495)

      Hell, the old R series motorcycles from the late 60s/early 70s had ONE key for every model! Want someone else's R60? Just use your key and start 'er up.

    • by cvtan (752695)
      Love my '72 2002tii touring!
  • Push comes to Shove all you need to steal a car is a FlatBed Wrecker with an optional Crane.

    Now this is STUPID since it enables you to not need to get to extreme methods to steal a very pricey car.

  • All you need to stop this is a car alarm and a .357 magnum.

    • by Lluc (703772)

      All you need to stop this is a car alarm and a .357 magnum.

      You really just need the .357 magnum -- if you shoot the car enough times in the correct place, I guarantee a thief will not be able to drive it away.

    • I have both.

      However it is not legal or justified to kill a car theif for taking your car (even if it is an expensive BMW). It is just property, and killing over it will give you 1) a huge lawyer bill that far exceeds your insurance deductible, and 2) about 15-30 years to think quietly about what you've done (in prison).

      The only exception would be something like a carjacking, when your life and safety are physically threatened, and you're in immediate and grave danger (maybe the guy is going to kill you as

  • by SternisheFan (2529412) on Thursday September 13, 2012 @01:02PM (#41325417)
    True story. Some years back in N.Y.C. thieves stole a restored vintage car, not knowing the owner had installed his own homemade anti-theft deterrent system. As they're tooling around in Manhattan, the thief who's driving sees a large unlabled red button mounted all by itself in the dash. The guy says to his buddy, "Hey,I wonder what this does...", and presses it. In the middle of a block the engine shuts down, the horn blares, and the car's lights keep flashing on and off. Unable to restart it, the thieves abandon the car, and that owner was laughing when he got it back, unscathed, the same day. So this story shows how you don't always need an expensive complicated alarm system to get the job done.

In any formula, constants (especially those obtained from handbooks) are to be treated as variables.

Working...