Using our Security System To Combat Car Theft
BMWs and other high-end cars are being stolen by criminals using a £30 tool developed by hackers to fool the onboard security systems. This tool is capable of reprogramming a blank key, and allows non-technical car thieves to steal a vehicle within a few minutes. What we recommend.
On-board diagnostics (OBD) bypass tools are being shipped from Eastern Europe and China in kit form with instructions and blank keys, says a report linking the release of the tool to a spike in car thefts in Australia, Europe and elsewhere. Would-be car thieves need to grab the transmission between a valid key fob and a car before reprogramming a blank key, which can be used to either open the car or start it, via the OBD system.
OBD Port Theft Overview
Your BMW key comes with a computer chip and security code inside to make the car hard to steal. The common thief can’t steal your BMW, but in Europe, at least, hackers and thieves apparently have been able to subvert the car’s intrusion alarm to break in, then access the car’s OBD (on-board diagnostics) connector, collect easily decoded information on the key codes, program a new key, and drive away. Hackers are showing up flaws in car security the way other hackers have done in websites and corporate networks. BMW in the UK issued a vague statement saying smart thieves are a “constant challenge to all car makers.”
According to this recent Jalopnik piece posted on MSNBC’s Technolog, the car is entered, “either via nearby RF jammers that block the fob lock signal from reaching the car (preventing owners from securing their vehicles) or, more crudely, by breaking a window. … In cases of the window break, the thieves seem to be exploiting a gap in the car’s internal ultrasonic sensor system to avoid tripping the alarm.”
When the thieves get in — they hack into the vehicle key fob’s digital ID so that they can program a different fob to interact with the car. The hackers make that work by first connecting some kind of device to the soon-to-be stolen vehicle’s OBD-II connector, the MSNBC post said. Now listen up, Clifford and Viper fans — you can protect yourselves and make sure that you don’t suffer from the same speite of car theft. We asked our engineers and experts here for the best tips on just what these criminals are doing and how car owners can fight back against them. They told us:
1. In order to steal a car, the thief doesn’t need to reprogram the key right away. The criminal just needs to bypass the vehicle immobiliser quickly using potentially bulkier equipment — and drive away. Key reprogramming can be dealt with later at a secure location with less time constraint (let’s say 15-30 minutes).
2. BMW security has a hole: It employs a relatively weak, 48-bit Hitag system that can be hacked in under 3 minutes using computer hardware. There is also a known weakness in the randomisation of the security key and its dependency on the CAS dump (one of the vehicle’s modules). In other words, all components for a system are available on the Internet and putting the system together does not require a lot of technical skill.
Our experts were quite sure that BWM engineers are well aware of these shortcomings and are working on tighter the security and probably on upgrading their encryption method as well. That will address BMW’s security issue — but also will make any key-cracking job harder.
3. In order to deploy such a system, one needs to bypass the vehicle alarm system. The OEM one-way security is susceptible to jamming while more sophisticated Clifford car alarm systems provide real-time status feedback and have additional sensors, etc.
Get connected to your vehicle and get ahead of the criminals: Thieves will always find a way to get into your car – what you need is real-time awareness of when/where someone tries to violate your vehicle.