Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

7/27/2012

Steal a BMW in 3 Minutes

Filed under: Criticism, Marginalia, and Notes,Fun,Geek Work,News and Current Events — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:27 am for you boring, normal people.
The moon is Waxing Gibbous

No, I’m not advocating that you actually do this!

But, in Europe, it’s already been done.
Apparently, the special key that costs you $160 for your super-secure BMW isn’t really all that much of a deterrent after all.  According to a story that ran recently on ExtremeTech, hacker-thieves have found a way to bypass the BMW security system and, in a separate step, decode the information needed to actually start the car without having the special, expensive key.  It seems that the on-board diagnostic port on the cars gives them complete, unsecured access to the data in the car’s computer, which allows them to get the codes they need to program up a new key and drive away in your very high-end car.  Interestingly enough, they’re able to do this because BMW is required by law to keep the codes and on-board diagnostic information unencrypted to allow competing firms to service the vehicles and not get locked out by BMW to form a monopoly.
Although the article focuses on BMWs, likely this is happening to other cars that use a similar technology and for the same reasons.  It’s just that right now, the expensive, high-end BMWs are what the thieves are stealing, and in fact they’ve always been popular targets for thieves due to their general popularity, so they’re getting all the attention.

Frankly, when I first heard about these “special” keys and ignition systems, I wondered how long it would be before they were subverted.  I just generally distrust systems like that, which operate over easily accessible networks.  Too many points of failure.  Anyway, check out the video in the link.  It’s pretty scary how quickly they can accomplish their goal of stealing the car.
But, what an amazing, real-world test of that security system!

So, how is this “fun” for a Fun Friday link?
Okay, it’s not really, but it seemed appropriate to share while I was out at DEF*CON in Las Vegas.  But, all you criminal types, don’t get any ideas!  My house is being watched and I’ll be back by the time that most of you read this!


Powered by WordPress
Any links to sites selling any reviewed item, including but not limited to Amazon, may be affiliate links which will pay me some tiny bit of money if used to purchase the item, but this site does no paid reviews and all opinions are my own.