A bunch of thieves managed to hack into a BMW 1M coupe and drive it away in under 3 minutes, clean and quiet as you please. BMW‘s keyless entry system is apparently to blame, and there appears to be a lot of blame, because no one prefers losing their car to losing their car keys.
The owner, stolen1m, first posted the video on 1Addicts, a car forum, along with his hypothesis on what happened in those 3 minutes. Apparently, the thieves used a key programming device (available for around $10,000) that exploits the car’s On-Board Diagnostic (OBD) port to clone the key fob, granting luxury car access to those clever, clever thieves.
ZDNet has a decently compact explanation:
In this particular video, there are a few security flaws that the hackers are exploiting simultaneously: there is no sensor that is triggered when the thieves initially break the window, the internal ultrasonic sensor system has a “blind spot” just in front of the OBD port, the OBD port is constantly powered (even when the car is off), and last but not least, it does not require a password. All of this means the thieves can gain complete access to the car without even entering it.
BMW doesn’t seem particularly ruffled by this incident, responding to Jalopnik thusly:
The battle against increasingly sophisticated thieves is a constant challenge for all car makers. Desirable, premium-branded cars, like BMW and its competitors, have always been targeted. BMW has been at the forefront of vehicle security for many years and is constantly pushing the boundaries of the latest defence systems. We work closely with the authorities and with other manufacturers to achieve this.
Yeah, sure, they stole the BMW because it’s a BMW, but I have a hunch they also kinda stole it because they could.