Hacking BMW's Remote Keyless Entry System
It turns out to be surprisingly easy:
The owner, who posted the video at 1addicts.com, suspects the thieves broke the glass to access the BMW’s on-board diagnostics port (OBD) in the footwell of the car, then used a special device to obtain the car’s unique key fob digital ID and reprogram a blank key fob to start the car. It took less than 3 minutes to accomplish the feat. (That said, despite their sophistication, the thieves were, comically, unable to thwart the surveillance cameras, though they tried.)
[…]
Jalopnik reports that BMW thieves are likely exploiting a gap in the car’s internal ultrasonic sensor system to avoid tripping its alarm when they access the car.
But there’s another security flaw in play. The OBD system doesn’t require a password to access it and program a key fob. According to Jalopnik, this is a requirement in Europe so that non-franchised mechanics and garages can read the car’s digital diagnostic data.
More details here.
Nick • July 13, 2012 7:17 AM
You’re using a weird definition of “surprising”. The next time someone points out a consumer-grade product that can’t be hacked within twenty minutes using 90s-level computing power will be the first.