My 6 month old AW 1M was stolen from my drive last night. Despite my best attempts to deter them, with CCTV and a house alarm, they managed to steal it in just under 3 minutes at 2am.

Luckily the CCTV caught them, the Police now have it so fingers crossed.

Just really to let you all know how they did it. BMW have identified a 'black spot' in the car's alarm on the inside of the car. Apparently this is on the passenger side, but on the 1M it appears to be on the driver side.

They smashed a small area of the driver door glass near to the wing mirror, put their hand down to the ECU in the footwell (in the black spot) then plugged in a device that can then 're-program' ANY BMW keyfob with the Radio Frequency of the car they are stealing and make that key the car key.

One of them then got in the car, released the handbrake and three of them pushed it off the drive and down the road where I guess they started it and hopefully wrapped themselves around a tree and slowly killed them in a fireball.

On the plus side I have GAP insurance, and also a set of brand new Michelin Pilot Super Sports for the rear so if anyone wants to brighten my week and buy them off me for what I paid (£600) please PM me.

Hope you all enjoy yours as much as I did mine. 6 months of pure pleasure, I wont be buying another as It will just happen again, so until I have the house in the country with a garage, I wont be buying another!

Siena: Not sure how the Crypto codes work in BMW's. But I do know that Audi, Mercedes-Benz, Volkswagen and Porsche use Rolling Codes. Which means the code generated by the key fob is different with each ignition cycle. And the RFID signal to lock and unlock the door is different with each press of the button. Unless BMW is running Static Code (which I find hard to believe) the tools currently available commercially will be useless.

Audi have gone further, in addition to Rolling Codes, with Fingerprint Recognition. The owner's finger, thumb or both are programmed when the car is ordered from new. Without this print, the car ain't starting.

I wonder what year of BMW are being stolen by the codes being read? As far as I'm aware, the code readers pick up RFID signals for locking and unlocking the car, very different to the Crypto Transponder (TX) that the IMMO (RX) reads from the Crypto chip in the base of the key fob.

...The device mentioned earlier in this thread doesn't code the key to the car, it codes the car to the key - it adds the key to the CAS as an accepted key which then opens and starts the car as normal. You can code one key to multiple cars in this manner. The key is in effect "solid state" and can't be re-coded or given a new identity, and doesn't need to be.
It is almost exclusively M-sport trim vehicles being taken. Diesels are very commonly stolen, along with all points of the model ranges. Premium specs are seemingly targeted like 335i's, 335d's but again without knowing the relative sales numbers its hard to know what's significant. 120d's, 5 series of all engine variants are going just as regularly so it's by no means only big engined or the most powerful cars being sought by thieves (but nice trim and spec ones and left hand drives do certainly seem to be more nickable)
Vehicles 2006 to present are affected, so long as it's an 'electronic' key without a physical ignition barrel. 2006-2009 seem worst hit. Again one assumes becuase it's parts demand driving theft and there's less parts demand for brand new cars.
...

Sorry, [b]I nearly forgot the important bit, which is of course the Crime Prevention advice:
1) Park somewhere overlooked and garage the car if you can.
2) Disable the OBD port in some cunning way.
3) Use additional physical security such as a steering wheel lock.
4) Consider additional and aftermarket immobilisers/trackers. Something perhaps that cuts fuel and is independant of the keyed ignition. Sadly I think this kind of security may become an necessity from an insurance point of view as time wears on.[/b]

Lilspicer: Abeg hw me i go tak steal papa iyabo keke napepe him to dey use am mak noise for ma area

Lilspicer: Abeg hw me i go tak steal papa iyabo keke napepe him to dey use am mak noise for ma area

Lilspicer: Abeg hw me i go tak steal papa iyabo keke napepe him to dey use am mak noise for ma area

Josh316: Abeg, what about Hondas and Toyotas from 2003 and above? I thought they too use sensor keys? i hope it doesnt become possible here, else, na die o!

Doesn't really matter in Nigeria - if armed robbers want your car, you just get stopped, flung out of your car, they get in and zoom off!

Siena: Not sure how the Crypto codes work in BMW's. But I do know that Audi, Mercedes-Benz, Volkswagen and Porsche use Rolling Codes. Which means the code generated by the key fob is different with each ignition cycle. And the RFID signal to lock and unlock the door is different with each press of the button. Unless BMW is running Static Code (which I find hard to believe) the tools currently available commercially will be useless.

Audi have gone further, in addition to Rolling Codes, with Fingerprint Recognition. The owner's finger, thumb or both are programmed when the car is ordered from new. Without this print, the car ain't starting.

I wonder what year of BMW are being stolen by the codes being read? As far as I'm aware, the code readers pick up RFID signals for locking and unlocking the car, very different to the Crypto Transponder (TX) that the IMMO (RX) reads from the Crypto chip in the base of the key fob.

Denn: i think the codes for BMW are not static. motion sensors are in BMWs (even as late as 2000 models) and am surprised why an area as key as the OBD port is not covered by this sensor beam (as per the black spot post).

i have always had a pride that my BMW cant be stolen except you snatch my key but am beginning to have doubts.

erico2k2:
All cars can be stolen bro, its not the cars just the computer get hacked, the have a reprogram tool

Siena: Not sure how the Crypto codes work in BMW's. But I do know that Audi, Mercedes-Benz, Volkswagen and Porsche use Rolling Codes. Which means the code generated by the key fob is different with each ignition cycle. And the RFID signal to lock and unlock the door is different with each press of the button. Unless BMW is running Static Code (which I find hard to believe) the tools currently available commercially will be useless.

Audi have gone further, in addition to Rolling Codes, with Fingerprint Recognition. The owner's finger, thumb or both are programmed when the car is ordered from new. Without this print, the car ain't starting.

I wonder what year of BMW are being stolen by the codes being read? As far as I'm aware, the code readers pick up RFID signals for locking and unlocking the car, very different to the Crypto Transponder (TX) that the IMMO (RX) reads from the Crypto chip in the base of the key fob.

Slyr0x: This is a video of a £43,000 BMW 1M Stolen at 3am in 3 minutes without keys


https://www.youtube.com/watch?v=YLHo-GYG25Q


BMWs and other high-end cars are being stolen by unskilled criminals using a $30 tool developed by hackers to hack the onboard security systems. The new tool is capable of reprogramming a blank key, and allows non-techie car thieves to steal a vehicle within two or three minutes or less.

On-board diagnostics (OBD) bypass tools are being shipped from China and Eastern Europe in kit form with instructions and blank keys, says a news report linking the release of the tool to a spike in car thefts in Australia, Europe and elsewhere during 2012. Would-be car thieves need to grab the transmission between a valid key fob and a car before reprogramming a blank key, which can then be used to either open the car or start it, via the OBD system.

"Crooks only need to monitor a person using the key or interrogate the key fob to get enough information to decipher the key," explained Professor David Stupples, of the centre for cyber security sciences, at London's City University.

Weak cryptography combined with a security-through-obscurity approach in the OBD specification allows the tactic to succeed.

Police in the UK have also begun warning about the approach, which was highlighted by a recent BBC Watchdog investigation.

In response, BMW told the BBC that the carjacker/hacker technique was developed after its cars were designed and was limited to "older" BMW models – those built before September 2011.

The German car giant added that the issue was not limited to BMW, and promised to help mitigate the attack, in a statement published last Wednesday.

BMW prides itself on its vehicle security systems and all BMWs meet all UK and global security standards. Our engineers and technicians review all aspects of our vehicles constantly, including security systems.

After extensive research we are clear that none of our latest models - new 1 Series Hatch, 3 Series, 5 Series, 6 Series and 7 Series - nor any other BMW built after September 2011 can be stolen using this method. However, as a responsible manufacturer we are looking at ways of mitigating against this new kind of attack.

A spokesman for the Society of Motor Manufacturers and Traders, the UK trade association, said it was aware of the issue but wasn't able to say how many other manufacturers were involved. "BMW [is] updating its systems and it could well be that other manufactures will do something similar," he said, adding that although SMMT was working with UK police forces on the issue it didn't have any information to hand on the scale of the problem.


http://packetstormsecurity.org/news/view/21505/BMWs-Can-Be-Stolen-With-30-Worth-Of-Gear.html

::gsmcoder:::
hahaha when I tell kid programmers that cryptography is not an infinitesimal the doubt.
This 100% possible. I reversed a neighbour's cpa keys after tapping from trabsmitted signal
and enjoyed what he enjoyed.

Good job hackers.

erico2k2:
These guys can decode any car, they are targetting xpenssive BMWs at the moment