Hackers steal keyless BMW in under 3 minutes
Automobile enthusiasts are pointing to an unusual spike in the number of BMW thefts in the U.K. this year. Expensive cars being stolen isn't anything to write home about, but the reason for this new trend definitely is: the cars in question are keyless. Multiple BMW models are being swiped without activating car alarms or immobilizers because the thieves are hacking their way into the vehicles.
On the car forum 1Addicts, a one-time poster by the name of "stolen1m" uploaded the above video showing how his BMW was stolen in under three minutes. He suspects the thieves used devices that plug into the car's On-Board Diagnostic (ODB) port to program a new keyfob.
In this particular video, there are a few security flaws that the hackers are exploiting simultaneously: there is no sensor that is triggered when the thieves initially break the window, the internal ultrasonic sensor system has a "blind spot" just in front of the OBD port, the OBD port is constantly powered (even when the car is off), and last but not least, it does not require a password. All of this means the thieves can gain complete access to the car without even entering it.