Hacking BMW's Remote Keyless Entry System
It turns out to be surprisingly easy:
The owner, who posted the video at 1addicts.com, suspects the thieves broke the glass to access the BMW’s on-board diagnostics port (OBD) in the footwell of the car, then used a special device to obtain the car’s unique key fob digital ID and reprogram a blank key fob to start the car. It took less than 3 minutes to accomplish the feat. (That said, despite their sophistication, the thieves were, comically, unable to thwart the surveillance cameras, though they tried.)
Jalopnik reports that BMW thieves are likely exploiting a gap in the car’s internal ultrasonic sensor system to avoid tripping its alarm when they access the car.
But there’s another security flaw in play. The OBD system doesn’t require a password to access it and program a key fob. According to Jalopnik, this is a requirement in Europe so that non-franchised mechanics and garages can read the car’s digital diagnostic data.
More details here.