Wednesday, 12 September 2012

The Great BMW giveaway, a smart key hack

A survey has revealed that the one thing the public didn't have to worry about during the recession was car crime. The British Crime Survey (BCS) showed that vehicle crimes were down by 17% between 2009/10. Car offences were reduced by improved alarms, vehicle immobilizers and window and door locks, according to Home Office chief statistician David Blunt. Overall crime figures also dropped by 9% to 9.6 million, from 10.5 million, with offending reaching its lowest level since 1981.
A 2011 car is much harder to steal than a car from the '90s. They have all kinds of technology to help locate the car and simply make it harder to drive off with, for a lot of auto thieves, it's just not worth it.
Despite of this, there seems to be a small surge of high tech crime involving Smart keys. One security system, the smart key is an electronic access and authorization system which is available as an option or standard in several cars. It was first developed by Siemens in the mid-1990s and introduced by Mercedes-Benz under the name "Keyless Go" in 1998 on the W220 S-Class following its design patent filed by Daimler-Benz on May 17, 1997.

The smart key allows the driver to keep the key fob in their pocket when unlocking, locking and starting the vehicle. The key is identified via one of several antennas in the car's bodywork and a radio pulse generator in the key housing. Depending on the system, the vehicle is automatically unlocked when the door handle, trunk release, or an exterior button is pressed. Vehicles with a smart key system fitted are required to have a mechanical backup[citation needed], usually in the form of a spare key blade supplied with the vehicle. Some manufacturers hide the backup lock behind a cover for styling.
Vehicles with a smart key system can disengage the immobilizer and activate the ignition without inserting a key in the ignition, provided the driver has the key inside the car. On most vehicles this is done by pressing a starter button or twisting an ignition switch. When leaving a vehicle equipped with a smart key system, the vehicle is locked by either pressing a button on one of the door handles, touching a capacitive area on a door handle, or by simply walking away from the vehicle. The method of locking varies between models. Some vehicles automatically adjust settings based on the smart key used to unlock the car: user preferences such as seat positions, steering wheel position, exterior mirror settings, climate control temperature settings, and stereo presets are popular adjustments, and some models such as the Ford Escape even have settings which can prevent the vehicle from exceeding a maximum speed when a certain key is used to start it.
A device for sale on the internet is now allowing thieves to steal BMWs and other high-end cars without the need for the owner's keys, a BBC Watchdog investigation has found. In some parts of the country police have been leafleting BMW owners, warning them of the possibility of this kind of theft. Responding to the investigation BMW said: "Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed. "This does not mean the car companies have done anything wrong, neither are they legally obliged to take any action.

The essential theft process varies in detail, but all seem to have a fundamental methodology in common. First, the car is entered, either via nearby RF jammers that block the lock signal from the fob from reaching the car, or, more crudely, by breaking a window, as seen in the video in this post of the 1 Series being stolen. In cases of the window break, the thieves seem to be exploiting a gap in the car's internal ultrasonic sensor system to avoid tripping the alarm.
Once some sort of access to the vehicle is gained, the thieves connect a device to the car's OBD-II connector which gives them access to the car's unique key fob digital ID, allowing them to program a blank key fob to work with the car right then and there. All cars sold in Europe must permit open and unsecured access to OBD codes, so non-franchised mechanics and garages may read the codes. BMW is not the only car company to allow key code access through the OBD port, but the recent rash of BMW thefts, compared to other makes, suggests another factor may be at play, possibly a good supply of blank BMW key fobs.

Used key fobs are available, and can usually be reprogrammed for another car of the same model, and new blank fobs are available as well. If manufacturers are going to provide electronic key fobs, the information needed to duplicate the key needs to be secured better. Or at all. The information needs to be available to the owner without a trip to a dealer, and perhaps should incorporate some manner of PIN or password to maintain security.
There seems to be no real solutions to preventing car crime technology in any form will eventually things get hacked. gps tracking and alarm systems have been hacked to some degree, the best type of security is incorporating several systems including a locked garage and steering lock. Even with several security systems a determined car thief can still break in, short of having armed guards around the car the best you can do is to have car insurance.
In 2005, the UK motor insurance research expert Thatcham introduced a standard for keyless entry, requiring the device to be inoperable at a distance of more than 10 cm from the vehicle. In an independent test, the Nissan Micra's system was found to be the most secure, while certain BMW and Mercedes keys failed, being theoretically capable of allowing cars to be driven away while their owners were refueling.
Despite this, car manufacturers are determine to use this keyless system as a way of the future. Meantime if you want to protect yourself from this hack, look into how you can disable the OBD port on your BMW by disconnecting the corresponding wires. If you or your dealer needs it, you can always reenable it. Alternatively, you can try to further secure the port in your own custom way.

No comments:

Post a Comment