Keyless Entry a Hacker’s Dream

Tuesday, July 10, 2012 @ 12:07 PM gHale


In the UK alone, BMW owners are seeing a hike in thefts this year. Why? Keyless entry is an open invitation for hackers to get in and abscond with the vehicle without the alarm going off.

On the car forum 1Addicts, a poster by the name of “stolen1m” uploaded a video showing how thieves stole his BMW in under three minutes. He said the thieves used devices that plug into the car’s On-Board Diagnostic (ODB) port to program a new keyfob.

RELATED STORIES
Botnet Masters Busted
Botnet Infects 6 Million Systems
Lulzsec Member Plead Guilty
Indicted: Access to Supercomputers

The person posting the video said “BMW doesn’t seem to want to admit they have a problem, even though over 300 cars have been stolen in March 2012 in a single UK county.”

In this particular video, there are a few security flaws the hackers are exploiting simultaneously: There is no sensor triggered when the thieves initially break the window, the internal ultrasonic sensor system has a “blind spot” just in front of the OBD port, the OBD port is constantly powered (even when the car is off), and it does not require a password. All of this means the thieves can gain complete access to the car without even entering it.

BMW said there is a problem, but is downplaying this particular issue by saying the whole industry struggles with stolen vehicles.

“The battle against increasingly sophisticated thieves is a constant challenge for all car makers. Desirable, premium-branded cars, like BMW and its competitors, have always been targeted,” a BMW spokesperson said. “BMW has been at the forefront of vehicle security for many years and is constantly pushing the boundaries of the latest defense systems.”

New cars, especially high-end ones, no longer require a physical key to insert into the ignition. The previous system evolved into being much more secure because it was two-tiered: Metal keys that also have a chip. This new system means stealing cars is extremely easy for the sophisticated criminal.



Leave a Reply

You must be logged in to post a comment.