Watch Hackers Steal A BMW In Three Minutes

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Hackers are moving up in the world. It would seem they have graduated from defacing websites and stealing grandma's credit card info to actually getting their hands dirty stealing BMWs.

The cars are being stolen without activating car alarms or immobilizers. The suspected method used involves the use of devices that plug into the car's OBD port and can program blank key fobs, leaving owners with keys to missing cars. Here's how they do it.
Click to expand...
 
This kind of hack is actually fairly easy if you are a bit of familiarity with OBD technology. As the article mentioned, the protocols are public. You basically just ask the car for its ID, and then put it on the key.
 
They actually stole it in about 2 minutes... :eek: The last minute of the video is from a different angle.
 
so do they break the window first? Or did the owner leave the window down?

A simple drill a hole thru OBD port and attach a pad lock (this is what we have to do so the dealer does not override our custom tunes without us knowing it)
 
After stealing the car these Japanese kids wrecked it in the mountains trying to drift.
 
They aren't hackers.

They're car thieves.

Your headline makes it sound like they unleashed a virus and a DDOS on the car.

They're just nothing but common everyday crooks.

Oh wait, thats all hackers are too.

Continue on
 
Been done like this for quite some time. Especially with cars from the VAG concern.

Anyway, with how many are they lol?
 
So they manage to hack their way to open the door? Because it looks like the video they put it in neutral and push it away, granted it might be because they don't want to start the car so close to the building but still.
 
Brings a whole new meaning to the "you wouldn't download a car" meme.
 
sfsuphysics said:
So they manage to hack their way to open the door? Because it looks like the video they put it in neutral and push it away, granted it might be because they don't want to start the car so close to the building but still.
Click to expand...

They cut a small hole in the window and reach into the car. Apparently this is a blind spot on the motion detector in the stock alarm system. Only thing they are doing outside the car is plugging a cable into the ODBII port. The rest of the time is spent getting the information from the car and then using the information to create a new key. Once the new key is created they disarm the alarm, unlock, and get into the car. They push the car away because the car is somewhat loud on cold start-up (N54 engine catalytic converter warm up) and apparently didn't want to alert anyone.

I think a more appropriate computer term for these people would be script kiddie as they are using off the shelf, grey market equipment.

Here is a example with demonstration
http://www.youtube.com/watch?v=kVmPfCFFkqQ
 
No wonder they bill keyless entry as a convenience feature, it's convenient for thieves!
 
I like the point where the guy in white is like: " Dude, there's a camera. What do I do, tap dance?"
 
While I think the techniques and creativeness are interesting -- here in Texas we would shoot both of those people dead. (Night time changes a few of the finer points of what you can get away with when it comes to defending yourself and your property)

I would hope that BMW updates the motion sensors field to cover the spots they are sneaking this through. In the information age -- and keyless systems, sounds to me like they need to relocate the ODBII port or at least secure it.

A few lines of code is all it would take to have it such where if an ODBII connection is initiated BAM the alarm goes off.

I'd be more impressed with hacks like these if they were 100% wireless -- my Z06 has the wireless FOB system where as long as you are within a few feet of the car it's unlocked for you, same thing with starting it, there is no actual key, as long as the FOB is in your pocket the engine will start with the push of a button.
 
I havent looked at my OBD port, but Im guessing if you just put some really sticky tape over it they wouldnt be able to do this without setting off the car alarm?
 
RoundArc said:
You can't cut a hole in tempered glass. The whole window would pop into bits.
Click to expand...

I stand corrected. From the OP/victim- "The thieves accomplished this by accessing the BMW OBD port in the footwell by breaking the glass, reaching in and using a device to reprogram a blank key fob."
 
And this is why I don't buy nice cars........ok maybe its my low income.
 
Lemonjello said:
I havent looked at my OBD port, but Im guessing if you just put some really sticky tape over it they wouldnt be able to do this without setting off the car alarm?
Click to expand...

People are either relocating them or putting in a toggle switch so they won't have power. One company is coming up with a cover that is supposed to lock on so you can't get at the port.

Either way, when this happened in March, there were something like 160 BMWs stolen that month in the Midlands and BMW UK still doesn't want to acknowledge that there's a problem.
 
That is awsome. I would love to see that happen to a large number of japanese cars in the U.S.

I wonder if those guys ever tried to do that on the dealer lot? I bet if they did it would spark a more concerned response from the manufacture, not the lame paragraph they gave in that article.

To me they basically said, sorry our alarm system sucks but we wont do anything about it because we already have your money. Oh and if it is stolen and you dont get it back we get paid and you can get another one so we get paid twice.:D
 
A Profession thief will always be able to steal anything given the right tool and time. Stupid pointless video.
Car alarms have been useless for years and Insurance companies insist on certain alarms just to raise premiums.
 
If they were able to smash the window, and climb into the car to attach a OBD plug, then I doubt the car alarm was armed in the first place.
 
morfinx said:
From the Jalopnik article:



http://jalopnik.com/5923802/watch-hackers-steal-a-bmw-in-three-minutes

Anyone knows if US cars are affected?
Click to expand...

Well they have to show OBD II codes with a code reader, that doesn't mean you should be able to program a new key for them from the OBD II port without even unlocking the vehicle.

sir-gold said:
If they were able to smash the window, and climb into the car to attach a OBD plug, then I doubt the car alarm was armed in the first place.
Click to expand...

They didn't climb into the car to attach the plug, they did it through the window. You can't unlock the car from the inside if it's been locked with the key fob, you need a physical key or the fob to unlock it. Which is why they don't get into the car until after they have the key. If they moved the OBDII port to where it can't be accessed unless the door was open (IIRC Audi has it on the door pillar and if the door is shut you can't get to it) this wouldn't be an issue.
 
pablouk said:
A Profession thief will always be able to steal anything given the right tool and time. Stupid pointless video.
Car alarms have been useless for years and Insurance companies insist on certain alarms just to raise premiums.
Click to expand...

Agreed on car alarms. I think they're f*ing useless and whenever one goes off in my neighborhood I always think "God damn that's annoying" and close my window. Hardly do I ever poke my head out to see what set it off. I still think the best way to protect your car at home is to garage it.
 
fochkoph said:
Agreed on car alarms. I think they're f*ing useless and whenever one goes off in my neighborhood I always think "God damn that's annoying" and close my window. Hardly do I ever poke my head out to see what set it off. I still think the best way to protect your car at home is to garage it.
Click to expand...

lmao! duh, locking your car in your house will be more secure than on the street. so people who live in apartments or townhomes are just SOL and shouldnt bother getting alarms because it will bother you? how about having my alarm go off because somebody just bumped into my car with thier own? sounds useful to me...I can get out ther before they pull away. Or some fool decided he's just going smash and grab my phone charger or something (and yes, I know someone that had that happen in the mall parking lot). Or the lady I used to work with who had her catalytic converter stolen at my job's parking lot?

Anyway, there was no alarm in play here. There is no way possible the shock sensor would fail to go off that close to the front of the car (and especially on the drivers side!). and a blind spot the size and length of a human arm in the motion detector INSIDE the car? come on.

This is a nifty little caper in that they didnt have to rip out any existing electronics to disable the locking system and apparently created a working key on the spot but it could have definitely been harder.
 
What gets me about thieves is how they don't seem to care about consequences. If I was planning to steal a car I would fear that the owner would come out in a rage and shoot me until dead. So then my thought process would tell me that my possible death outweighs the benefits of stealing a car.

Thieves must be wired differently.
 
A Lexus should take under a minute, since they don't detect glass shatter.
Break window, plug in obd.
 
weebling1 said:
I like the point where the guy in white is like: " Dude, there's a camera. What do I do, tap dance?"
Click to expand...

Rabid Sloth said:
They cut a small hole in the window and reach into the car. Apparently this is a blind spot on the motion detector in the stock alarm system. Only thing they are doing outside the car is plugging a cable into the ODBII port. The rest of the time is spent getting the information from the car and then using the information to create a new key. Once the new key is created they disarm the alarm, unlock, and get into the car. They push the car away because the car is somewhat loud on cold start-up (N54 engine catalytic converter warm up) and apparently didn't want to alert anyone.

I think a more appropriate computer term for these people would be script kiddie as they are using off the shelf, grey market equipment.

Here is a example with demonstration
http://www.youtube.com/watch?v=kVmPfCFFkqQ
Click to expand...

see bolded portion. :-P

unfortunately, there are ways to get around glass-break sensors... had it happen on my wife's SUV. even the dealer was surprised that the alarm didn't go off during the smash portion of the smash and grab. it took the idiot thief over 5 times to shatter the double-laminate window.. they wound up doing more damage to the window trim, by continuing, than just breaking the window would've been...
 
if a competent thief really wants to take your car, it will be gone regardless of what you drive.
 
Crap... The property owners can afford a HD time lapsed video camera, but they can't afford a night security guard, who would be a visual deterrent while patrolling the grounds at night time. No way dude... the old security guard is asleep. Shhhh or you'll wake up the camera and it'll set off a visual motion alarm which can be phoned into local law enforcement. What do you mean you can not afford the manual way using a security guard physically monitoring the camera and then silently phoning police for help.
 
So, just pull the fuse from your ODB2 port connector 12V power if you want to stop it.
 
why don't people invest in removable steering wheels with locking smooth hubs? Then, the only way to steel the car is with a flatbed. Cant drive it without a steering wheel. I saw one kit that had a hub that went over the exposed column where the top of the hub spun freely, so you couldn't grab it and steer with it. Shouldn't be hard to wire up a steering wheel with contacts for the on wheel controls to make it removable. Just my 2 cents.
 
Odnocer said:
Crap... The property owners can afford a HD time lapsed video camera, but they can't afford a night security guard, who would be a visual deterrent while patrolling the grounds at night time. No way dude... the old security guard is asleep. Shhhh or you'll wake up the camera and it'll set off a visual motion alarm which can be phoned into local law enforcement. What do you mean you can not afford the manual way using a security guard physically monitoring the camera and then silently phoning police for help.
Click to expand...

Camera system can be had for around $2000. Security guard can be had for around $2000 a week. You do the math...
 
You must log in or register to reply here.
Back
Top