Be careful if you own a newer BMW or car with wireless smart key. — Parallax Forums

RobotWorkshop Posts: 2,307
edited 2012-09-21 02:12 in General Discussion
I just read about this exploit for a BMW using their smart keys. This particular hack doesn't affect me since I don't own one. Makes you wonder how soon someone will come up with one to unlock OnStar cars, etc.

http://www.theregister.co.uk/2012/09/17/bmw_car_theft_hack/

In the meantime I guess a good old fashioned kill switch hidden somewhere would help....

Comments

  • xanadu Posts: 3,347
    edited 2012-09-19 11:47
    "Would-be car thieves need to grab the transmission between a valid key fob and a car before reprogramming a blank key"

    I wonder how far away you need to be?

    Actually, never mind, because when you're at the dealership the key readers are like 2' apart from each other, so my guess is they would need to 'borrow' your car first, then bring it back and then steal it haha.
  • mindrobots Posts: 6,506
    edited 2012-09-19 11:55
    I have a Nissan with the keyless fob and the range is pretty short on them. If I'm at the driver's door, someone can't open the trunk and likewise if I'm at the trunk. It seems for the Nissan codes to get copied, someone would need to be invading your personal space and probably pretty noticeable.
  • SRLM Posts: 5,045
    edited 2012-09-19 12:27
    I have a Mitsubishi with a wireless fob, and there are two types of wireless transaction:
    1. The traditional remote lock/unlock of the doors, by pressing a button on the fob.
    2. A localized car->fob query for authorization.

    I think it's #2 that the article is talking about. I can go up to my car door and press a button on the handle. If I have a key in my pocket then the door unlocks. Likewise, when I'm sitting in the driver seat if I turn the ignition (without a key in it) the car first checks for the presence of the key inside of a certain region. In any case, the key needs to be within 3-4 feet of the car. So maybe it's safe(r) from hacking simply because you have to get so close.
  • xanadu Posts: 3,347
    edited 2012-09-19 13:06
    SRLM wrote: »
    I have a Mitsubishi with a wireless fob, and there are two types of wireless transaction:
    1. The traditional remote lock/unlock of the doors, by pressing a button on the fob.
    2. A localized car->fob query for authorization.

    I think it's #2 that the article is talking about. I can go up to my car door and press a button on the handle. If I have a key in my pocket then the door unlocks. Likewise, when I'm sitting in the driver seat if I turn the ignition (without a key in it) the car first checks for the presence of the key inside of a certain region. In any case, the key needs to be within 3-4 feet of the car. So maybe it's safe(r) from hacking simply because you have to get so close.

    Yeah it seems #2 is what they mean.

    I'm willing to bet BMW didn't make it any better or more secure because they know how close someone would need to be to do it and figured if they're that close they could just take the original keys anyway.
  • SRLM Posts: 5,045
    edited 2012-09-19 13:44
    I wonder how they do it? Assuming #1 is secure (otherwise, every car would be a target) then how do they get the #2 communication? When I lock my car, it's always with #1 while I'm walking away. I only use #2 when I'm going to the car, so they couldn't steal it then.
  • xanadu Posts: 3,347
    edited 2012-09-19 14:57
    SRLM wrote: »
    I wonder how they do it? Assuming #1 is secure (otherwise, every car would be a target) then how do they get the #2 communication? When I lock my car, it's always with #1 while I'm walking away. I only use #2 when I'm going to the car, so they couldn't steal it then.

    You'd have to be between the FOB and the car while the two were communicating. People grab card numbers at ATMs by attaching devices to them; I guess the cars that were stolen had the same thing done.
  • SRLM Posts: 5,045
    edited 2012-09-19 21:13
    xanadu wrote: »
    You'd have to be between the FOB and the car while the two were communicating. People grab card numbers at ATMs by attaching devices to them; I guess the cars that were stolen had the same thing done.

    Why would you have to be between the car and the fob? I don't have to point the fob at the car, which implies that it's omnidirectional.

    As far as the ATM goes they either attach a device to the card reader that directly reads the card, or they put a camera pointing down to read the numbers and the PIN. Are you suggesting that they attach scanner/tracker type devices to target cars, and follow them home?
  • MacTuxLin Posts: 821
    edited 2012-09-20 01:09
    Just early this year, a major local bank was attacked by such ATM card-stealing activities. What they did was somehow attach a mini-reader just at the opening slot of the card & a hidden wireless camera to record the user's PIN. Then, these syndicates would withdraw the victim's cash from their bank account from the nearby country (JB, Malaysia). AFAIK, more than 1,000 people were affected ...
  • Mark_T Posts: 1,981
    edited 2012-09-20 08:10
    You'd think BMW would have the funds to pay competent cryptanalysts to scrutinise their protocols before shipping product... But then again the GSM consortium didn't appear to bother doing this with A5: http://en.wikipedia.org/wiki/A5/1
  • LoopyByteloose Posts: 12,537
    edited 2012-09-21 02:12
    My own feeling is that anything radio-controlled can be snooped and at least interfered with. If one has the ability to replicate a digital radio transmission, a lot of wireless key systems might be easy to hack. It is much easier to just NOT have a wireless entry system.

    At the core of the whole problem is that a car is a high value item on wheels. If you are going to become a thief, anything on wheels or easily mobile is very attractive. I'm sure your insurance company would consider a more favorable premium if you didn't have a wireless key system.

    There is always going to be some crook out there that prefers hacking systems like this to actually doing the theft. They sell the box and have less risk of getting caught, may even live in another country.