- Joined
- Oct 13, 2017
- Points
- 64
- Location
- Llandrindod Wells, Powys
- Model of Z
- Z4 SDrive 23i M Sport 2.5Ltr. H.T Convertable
Hi all,
I found this article in Computer Shopper by David Ludlow the other day and thought it may be a useful warning to all BMW owners, be they Z3, Z4 or the 'hoi polloi'
. The Editor, Madeline Bennett, kindly gave permission to use it on our forum
I'm not sure what model David has other than a BMW:
I came out of my house the other day to find that my driver's side door hadn't been closed properly. This was strange, as I'd definitely closed it and had absolutely locked the car the day before. Grabbing the keys, the remote no longer responded, and jumping in the car, it wouldn't start.
Looking down, the light switch had been turned from automatic mode to off, and the flap for the OBD port (used for diagnostics) was open. My spider sense was tingling, but at this point my thought was that the battery was dead.
Out comes the charger. Nothing. So, I call a breakdown service who check the battery: full charge on it. Explaining about the open OBD port, the breakdown guy immediately says, "Someone's tried to clone your car key and steal the car."
Plugging in his OBD reader, my car fails to respond to anything; the computer has been corrupted in the attempt to steal the car. So, I call the BMW garage and explain the situation, where I'm told that this has happened to other customers before and they've seen it a few times. In all likelihood, the fix is to replace the Car Access System (CAS) and keys, all for the tune of over £1,000.
So, what happened? Looking online, as my car has comfort access (you just stand next to it with the key), the most likely explanation is that the thieves used an amplifier. Placing one person next to the house to pick up the signal from the key, the thieves transmit the signal to another person standing next to the car and they're in. It's an attack that works against multiple brands, so it's not a BMW-only issue.
Once inside the car, a laptop was plugged into the OBD port, with software attempting to hack the CAS and create a brand-new key so that the car could be driven away. In this case, either the thieves were interrupted and yanked out the laptop before the key could be created, or the software just corrupted the car's systems. Either way, the car was so dead that it had to be picked up and put on the back of a flatbed truck, as there was no way of starting it.
Hi-tech thieves seem to be one step ahead of the car manufacturers, and the fact that they can get into a car without the keys and clone new ones is terrifying and simply shouldn't happen. For starters, the OBD port probably shouldn't be live if there's no key in the ignition.
And, why not have two-factor authentication on any firmware updates or attempts to write a new key? Surely, the owner could be sent a unique one-off code to prevent this kind of attack, providing the information to a garage when needed. Or, car companies could provide a code generator, as banks do, that ships with the car and is kept securely inside. Amplification attacks shouldn't work, either, and should have been accounted for when the cars were built.
The solution, for now, is to wrap the key in tinfoil to prevent it from transmitting, and to use a steering wheel lock as an additional, visual form of protection. That's, frankly, useless and car security needs to dramatically improve.
I certainly agree with the last sentence, and wondered if anyone else has had a similar experience?
Colin.
I found this article in Computer Shopper by David Ludlow the other day and thought it may be a useful warning to all BMW owners, be they Z3, Z4 or the 'hoi polloi'
. The Editor, Madeline Bennett, kindly gave permission to use it on our forumI'm not sure what model David has other than a BMW:
I came out of my house the other day to find that my driver's side door hadn't been closed properly. This was strange, as I'd definitely closed it and had absolutely locked the car the day before. Grabbing the keys, the remote no longer responded, and jumping in the car, it wouldn't start.
Looking down, the light switch had been turned from automatic mode to off, and the flap for the OBD port (used for diagnostics) was open. My spider sense was tingling, but at this point my thought was that the battery was dead.
Out comes the charger. Nothing. So, I call a breakdown service who check the battery: full charge on it. Explaining about the open OBD port, the breakdown guy immediately says, "Someone's tried to clone your car key and steal the car."
Plugging in his OBD reader, my car fails to respond to anything; the computer has been corrupted in the attempt to steal the car. So, I call the BMW garage and explain the situation, where I'm told that this has happened to other customers before and they've seen it a few times. In all likelihood, the fix is to replace the Car Access System (CAS) and keys, all for the tune of over £1,000.
So, what happened? Looking online, as my car has comfort access (you just stand next to it with the key), the most likely explanation is that the thieves used an amplifier. Placing one person next to the house to pick up the signal from the key, the thieves transmit the signal to another person standing next to the car and they're in. It's an attack that works against multiple brands, so it's not a BMW-only issue.
Once inside the car, a laptop was plugged into the OBD port, with software attempting to hack the CAS and create a brand-new key so that the car could be driven away. In this case, either the thieves were interrupted and yanked out the laptop before the key could be created, or the software just corrupted the car's systems. Either way, the car was so dead that it had to be picked up and put on the back of a flatbed truck, as there was no way of starting it.
Hi-tech thieves seem to be one step ahead of the car manufacturers, and the fact that they can get into a car without the keys and clone new ones is terrifying and simply shouldn't happen. For starters, the OBD port probably shouldn't be live if there's no key in the ignition.
And, why not have two-factor authentication on any firmware updates or attempts to write a new key? Surely, the owner could be sent a unique one-off code to prevent this kind of attack, providing the information to a garage when needed. Or, car companies could provide a code generator, as banks do, that ships with the car and is kept securely inside. Amplification attacks shouldn't work, either, and should have been accounted for when the cars were built.
The solution, for now, is to wrap the key in tinfoil to prevent it from transmitting, and to use a steering wheel lock as an additional, visual form of protection. That's, frankly, useless and car security needs to dramatically improve.
I certainly agree with the last sentence, and wondered if anyone else has had a similar experience?
Colin.
