Watch Hackers Steal A BMW In Three Minutes

Illustration for article titled Watch Hackers Steal A BMW In Three Minutes

There has been an unusual spike in the number of BMWs stolen in the UK this year, with some sources suggesting the number may be 300 cars or higher. The cars are being stolen without activating car alarms or immobilizers.


The suspected method used involves the use of devices that plug into the car's OBD port and can program blank key fobs, leaving owners with keys to missing cars. Here's how they do it.

BMW sites and forums have been understandably alarmed about the issue, which is affecting all BMW series models, from the 1 to the X6.

The essential theft process varies in detail, but all seem to have a fundamental methodology in common. First, the car is entered, either via nearby RF jammers that block the lock signal from the fob from reaching the car, or, more crudely, by breaking a window, as seen in the video in this post of the 1 Series being stolen. In cases of the window break, the thieves seem to be exploiting a gap in the car's internal ultrasonic sensor system to avoid tripping the alarm.

Once some sort of access to the vehicle is gained, the thieves connect a device to the car's OBD-II connector which gives them access to the car's unique key fob digital ID, allowing them to program a blank key fob to work with the car right then and there.

All cars sold in Europe must permit open and unsecured access to OBD codes, so non-franchised mechanics and garages may read the codes. BMW is not the only car company to allow key code access through the OBD port, but the recent rash of BMW thefts, compared to other makes, suggests another factor may be at play, possibly a good supply of blank BMW key fobs.

Used key fobs are available, and can usually be reprogrammed for another car of the same model, and new blank fobs are available as well.


As of publishing time, BMW reps contacted by Jalopnik have not returned emails. A poster on the PistonHeads forums, Tallbutbuxomly, did contact BMW UK, but received this noncommittal response to his concerns about the thefts:

However there are likely to be instances where a determined criminal can establish methods to gain entry into a BMW or any other manufacturers vehicle, regrettably this is outside of our control. I am sure you will appreciate that BMW cannot be held responsible for any incidents of this nature. However, BMW and its partners continue to work closely with the Police to monitor all methods of vehicle theft to ensure our products always remain in the hands of the rightful owner.


Of course, no one's happy with that response. Clearly, something is up. BMWs are apparently being stolen in the UK in far greater quantities than would normally occur, and there appears to be a security hole that is being exploited. Options for recent-model BMW owners at this point are pretty limited; the only sure-fire way to protect your car would be to disable or provide extra physical security for the OBD-II port itself. Neither is a great solution.

If manufacturers are going to provide electronic key fobs, the information needed to duplicate the key needs to be secured better. Or at all. The information needs to be available to the owner without a trip to a dealer, and perhaps should incorporate some manner of PIN or password to maintain security.


We'll keep monitoring the situation. Perhaps the world's slithering jackasses will decide to stop stealing cars; until that happens, the ball is in BMW's court. (Thanks to everyone for the tip!)

UPDATE: Jalopnik has received a response from BMW's UK Media Relations Manager, Gavin Ward. It's very similar to the response given to forum posters previously:

"The battle against increasingly sophisticated thieves is a constant challenge for all car makers. Desirable, premium-branded cars, like BMW and its competitors, have always been targeted. BMW has been at the forefront of vehicle security for many years and is constantly pushing the boundaries of the latest defence systems. We work closely with the authorities and with other manufacturers to achieve this.

"We are aware of recent claims that criminal gangs are targeting premium vehicles from a variety of manufacturers. This is an area under investigation.

"We have a constant dialogue with police forces to understand any patterns which may emerge. This data is used to enhance our defence systems accordingly. Currently BMW Group products meet or exceed all global legislative criteria concerning vehicle security."


They're correct that the overall problem is industry-wide, but the unusual numbers of BMWs should merit a more specific response, one would think.

(Sources: PistonHeads, 1Addicts, Express & Star)



Well, at least he didn't say "We are committed to _______"; I hate it when companies say that, it's so played out as a PR line.