You’ve recently spent $64,000 on your flash new BMW with keyless entry. But when you wake up one morning, you discover, in a different kind of flash, that it’s gone, stolen by hacker thieves who used the car’s keyless feature to pinch your luxury ride.
This is the reality for a growing number of BMW owners in the United Kingdom who have recently become victim to a spate of thefts, thanks to a couple of security vulnerabilities in the car’s systems. One BMW owner posted a surveillance video of the thieves taking off in the night with his car (see the video above).
The owner, who posted the video at 1addicts.com, suspects the thieves broke the glass to access the BMW’s on-board diagnostics port (OBD) in the footwell of the car, then used a special device to obtain the car’s unique key fob digital ID and reprogram a blank key fob to start the car. It took less than 3 minutes to accomplish the feat. (That said, despite their sophistication, the thieves were, comically, unable to thwart the surveillance cameras, though they tried.)
Below is a video showing how a key fob can be programmed to start a BMW.
Jalopnik reports that BMW thieves are likely exploiting a gap in the car’s internal ultrasonic sensor system to avoid tripping its alarm when they access the car.
But there’s another security flaw in play. The OBD system doesn’t require a password to access it and program a key fob. According to Jalopnik, this is a requirement in Europe so that non-franchised mechanics and garages can read the car’s digital diagnostic data.
BMW told Jalopnik that the problem is industrywide and not unique to its cars.
“We are aware of recent claims that criminal gangs are targeting premium vehicles from a variety of manufacturers,” the company said in a statement. “This is an area under investigation. We have a constant dialogue with police forces to understand any patterns which may emerge. This data is used to enhance our defence systems accordingly. Currently BMW Group products meet or exceed all global legislative criteria concerning vehicle security.”