BMW X3 Forum
BMW X3 Forum
Welcome to the ultimate BMW X3 community.
BMW Garage BMW Meets Register Search Today's Posts Mark Forums Read
Post Reply
 
Thread Tools Search this Thread
      07-14-2012, 05:03 AM   #23
sfax
Brigadier General
sfax's Avatar
United Kingdom
91
Rep
3,855
Posts

Drives: BMW X3 2011 F25
Join Date: Nov 2010
Location: Berkshire, UK

iTrader: (0)

Just been having a read through the PistonHeads thread - it's HUGE! My take on it is (all very subjective and feel free to correct me):

Some but maybe not all stop/start BMWs are affected
  • The most commonly reported OBD thefts appear to be E series but the X5 gets a few mentions. Can't see any X3 mentions - yet
  • The side window is getting smashed but not setting off the alarm
  • BMW are aware of the issue, they have started an internal investigation
  • Thatcham are aware of the issue and are working on a fix
  • You could help prevent an OBD theft by installing a hidden switch and leaving the OBD switched off permanently except when it goes in for a service. This would prevent most OBD thefts because as soon as they realise the port is disabled they are likely to move on to the next and easier target
  • The OBD port is wide open to abuse and the thieves have a static new BMW key and then code the BMW to accept the key (rather than coding the key to work with the car)
  • The BMW has a number of key slots, 5 or 10 (not sure) and if you ever needed to get a new key, they would have to use a new slot for the new key. When the car is stolen they are simply using a spare slot so a form of defence would be to disable all of the free key slots. This would be mean if you lost both of your keys you would have to replace the whole CAS control unit - obviously this would be very expensive

This last point came from here

Quote:
Same guys again??? My '09 E92 335d went April 24th from W9 (West London) and was found the same day in NW1 (next postcode across). They also looked in the boot for the tracker by removing the panels and left the obd cable out. And they stuck new plates on it but the police spotted it parked up.

I've asked the dealer who sold it (Reading) if they can disable the additional key added by the thieves...am awaiting their response.
Asked BMW what I should do. Their response was

"Thank you for your email dated June 13, 2012.

I have been in contact with our technical department and they have advise that you would need to get keys number 3 through to 10 barred in the vehicle at Holland Park. However, I must note that this would also stop any further keys being made, therefore, if you lose your own two keys you would need to purchase a complete new CAS control unit and key.

I trust that this answers your enquiry, however, please do not hesitate to contact me, if I can be of further assistance.

Yours sincerely

BMW UK"

Contacted dealer who said he would ask his technicians about it but still waiting for a reply a week later despite chasing - not impressive in the least.
http://www.pistonheads.com/gassing/t...BMW+keys&mid=0


This is getting more and more coverage in the UK including in national press such as AutoExpress. I expect BMW will have to act but the cost of fixing the flawed security is huge as the cars take so long to code.

Will be more of a concern to us X3 owners / prospective owners if X3s start getting reported but £100 for fitting an OBD switch seems like a bargain as an interim safe measure.
__________________

F25 xDrive20d SE __ professional multimedia package | dynamic package | climate package | 309s | xline | xenons | electric seats | folding mirrors | business speakers
Appreciate 0
      07-14-2012, 06:43 AM   #24
sfax
Brigadier General
sfax's Avatar
United Kingdom
91
Rep
3,855
Posts

Drives: BMW X3 2011 F25
Join Date: Nov 2010
Location: Berkshire, UK

iTrader: (0)

Note 2011 X6 as one of the cars easily unlocked, still not seen an F series done but it must be just as easy. Definitely looking into disabling my ODB port!

http://www.zdnet.com/hackers-steal-k...eo-7000000507/

Quote:
Automobile enthusiasts are pointing to an unusual spike in the number of BMW thefts in the U.K. this year. Expensive cars being stolen isn't anything to write home about, but the reason for this new trend definitely is: the cars in question are keyless. Multiple BMW models are being swiped without activating car alarms or immobilizers because the thieves are hacking their way into the vehicles.

On the car forum 1Addicts, a one-time poster by the name of "stolen1m" uploaded the above video showing how his BMW was stolen in under three minutes. He suspects the thieves used devices that plug into the car's On-Board Diagnostic (ODB) port to program a new keyfob.

In this particular video, there are a few security flaws that the hackers are exploiting simultaneously: there is no sensor that is triggered when the thieves initially break the window, the internal ultrasonic sensor system has a "blind spot" just in front of the OBD port, the OBD port is constantly powered (even when the car is off), and last but not least, it does not require a password. All of this means the thieves can gain complete access to the car without even entering it.

BMW has acknowledged that there is a problem, but is downplaying this particular issue by saying the whole industry struggles with thievery. This is unfortunate given that the evidence seems to point towards BMWs being specifically targeted. Whether that's because they are luxury cars or because they have a security loophole doesn't matter: the point is BMW needs to do something about it.

"The battle against increasingly sophisticated thieves is a constant challenge for all car makers. Desirable, premium-branded cars, like BMW and its competitors, have always been targeted," a BMW spokesperson told Jalopnik. "BMW has been at the forefront of vehicle security for many years and is constantly pushing the boundaries of the latest defence systems. We work closely with the authorities and with other manufacturers to achieve this. We are aware of recent claims that criminal gangs are targeting premium vehicles from a variety of manufacturers. This is an area under investigation. We have a constant dialogue with police forces to understand any patterns which may emerge. This data is used to enhance our defence systems accordingly. Currently BMW Group products meet or exceed all global legislative criteria concerning vehicle security."

BMW needs to watch the three other YouTube videos also posted in the aforementioned forum:

BMW Key programming
BMW X6 2011 KEYPROGRAMMING
BMW 2011 keyprogrammer tool

This is a serious problem. New cars, especially high-end ones, no longer require a physical key to be inserted into the ignition. The previous system evolved into being much more secure because it was two-tiered: metal keys that also have a chip. This new system means stealing cars (mainly BMWs so far) is extremely easy for the sophisticated criminal.

If you want to protect yourself from this hack, look into how you can disable the OBD port on your BMW by disconnecting the corresponding wires. If you or your dealer needs it, you can always reenable it. Alternatively, you can try to further secure the port in your own custom way.














__________________

F25 xDrive20d SE __ professional multimedia package | dynamic package | climate package | 309s | xline | xenons | electric seats | folding mirrors | business speakers
Appreciate 0
      07-14-2012, 08:28 AM   #25
BMWLVX
Private
4
Rep
81
Posts

Drives: X3 2.0d
Join Date: Jul 2012
Location: Europe

iTrader: (0)

Is all of this unique to BMW cars/keys?
Appreciate 0
      07-14-2012, 12:33 PM   #26
sfax
Brigadier General
sfax's Avatar
United Kingdom
91
Rep
3,855
Posts

Drives: BMW X3 2011 F25
Join Date: Nov 2010
Location: Berkshire, UK

iTrader: (0)

Quote:
Originally Posted by BMWLVX View Post
Is all of this unique to BMW cars/keys?
No, but at the moment there appears to be a much higher proportion of BMWs stolen by these devices than other makes. Just look at the size of the PistonHeads thread (62 pages and getting updated daily with more reports) and the number of reported BMWs stolen this year. To put it into context the police are knocking on the doors of people who own BMWs in Birmingham and advising them to put a steering lock on their car or to add some other additional security.
__________________

F25 xDrive20d SE __ professional multimedia package | dynamic package | climate package | 309s | xline | xenons | electric seats | folding mirrors | business speakers
Appreciate 0
      07-15-2012, 12:48 PM   #27
sfax
Brigadier General
sfax's Avatar
United Kingdom
91
Rep
3,855
Posts

Drives: BMW X3 2011 F25
Join Date: Nov 2010
Location: Berkshire, UK

iTrader: (0)

This story is now making the national press, not just car magazines

http://www.mirror.co.uk/authors/quen...i-tech-1142902
__________________

F25 xDrive20d SE __ professional multimedia package | dynamic package | climate package | 309s | xline | xenons | electric seats | folding mirrors | business speakers
Appreciate 0
      07-15-2012, 12:52 PM   #28
BMWLVX
Private
4
Rep
81
Posts

Drives: X3 2.0d
Join Date: Jul 2012
Location: Europe

iTrader: (0)

Great. Now we'll have every scrote under the sun trying to get their hands on blank keys and programmers.
Appreciate 0
      07-15-2012, 02:01 PM   #29
April1
Love All
April1's Avatar
United_States
170
Rep
740
Posts

Drives: X3 28i 2011
Join Date: Nov 2011
Location: San Francisco

iTrader: (2)

Police and thieves chase will keep going, I am sure car manufacturers will soon come up with an update to hide/ lock the key data from such thieves.

I am wondering if I can find a lock to lock my OBD port.
Appreciate 0
      07-15-2012, 02:35 PM   #30
sfax
Brigadier General
sfax's Avatar
United Kingdom
91
Rep
3,855
Posts

Drives: BMW X3 2011 F25
Join Date: Nov 2010
Location: Berkshire, UK

iTrader: (0)

Quote:
Originally Posted by April1 View Post
I am sure car manufacturers will soon come up with an update to hide/ lock the key data from such thieves
I agree but can you see BMW paying for everyone to get the update? If it's software, they won't want to do it as it takes 4 hours plus just to upgrade one car. If it's hardware, it's even less likely they'll do it. Only new cars will get fixed.

I'm seriously looking at an OBD switch or just manually disconnecting the port or tucking it up behind a dummy port. Will be interested to see what some of the contributors on the PH forum do protect their OBD ports.

The other option is asking BMW to disable or block the free key slots. I think (based on what I've read) they can't add a key if there aren't any free slots without flashing the firmware on the CAS and that takes hours (and probably requires more skill) whereas just adding one key takes about a minute and requires a £100 device any muppet can buy and use. The downside to this is the added cost/inconvenience if you then lose your key. I am going to contact my dealer and see what they say (after denying that there is a problem!)
__________________

F25 xDrive20d SE __ professional multimedia package | dynamic package | climate package | 309s | xline | xenons | electric seats | folding mirrors | business speakers
Appreciate 0
      08-21-2012, 10:45 AM   #31
sfax
Brigadier General
sfax's Avatar
United Kingdom
91
Rep
3,855
Posts

Drives: BMW X3 2011 F25
Join Date: Nov 2010
Location: Berkshire, UK

iTrader: (0)

Quick update on this so it doesn't fall out of sight, out of mind. There are loads more reports of stolen BMWs on the pistonheads thread which is now 83 pages long which says a lot. However, I still haven't seen anyone post a report of an F series getting stolen in this way which is reassuring - for now at least.

Disgraceful how BMW have denied it's a problem and not provided some sort of free solution to prevent this huge loophole in their security. As someone said in one of the links below, it shouldn't be easier to steal a new £40k BMW than it is a bicycle!

pistonheads thread

Some more info here:

http://www.schneier.com/blog/archive...g_bmws_re.html
__________________

F25 xDrive20d SE __ professional multimedia package | dynamic package | climate package | 309s | xline | xenons | electric seats | folding mirrors | business speakers
Appreciate 0
      08-21-2012, 03:59 PM   #32
DJ Daddy-O
Private First Class
8
Rep
160
Posts

Drives: BMX X3 F25 2011
Join Date: Mar 2011
Location: West Yorkshire, UK

iTrader: (0)

Apparently there is a difference between the E series and F series vehicles, with the latter needing the ignition to be switched on in order to craft a new key.

If correct, this would make the stealing of our F25s not possible by this method.

Not sure on the reliability of my source for this info though, but I hope it's right!
Appreciate 0
      08-21-2012, 04:25 PM   #33
cooldude00
First Lieutenant
7
Rep
332
Posts

Drives: x3 2.0d
Join Date: Jan 2011
Location: uk

iTrader: (0)

that's somewhat both reassuring and disappointing at the same time... can't believe that bmw is still in denial...

makes me wonder whether to keep the x3 or not...
__________________
it's here!!!
Appreciate 0
      08-21-2012, 04:38 PM   #34
sfax
Brigadier General
sfax's Avatar
United Kingdom
91
Rep
3,855
Posts

Drives: BMW X3 2011 F25
Join Date: Nov 2010
Location: Berkshire, UK

iTrader: (0)

Quote:
Originally Posted by DJ Daddy-O View Post
Apparently there is a difference between the E series and F series vehicles, with the latter needing the ignition to be switched on in order to craft a new key.

If correct, this would make the stealing of our F25s not possible by this method.

Not sure on the reliability of my source for this info though, but I hope it's right!
Could be. Certainly hasn't been disproved yet. Not sure how this would work if you lost all your keys and needed a new one coded by BMW though. How would you switch the ignition on first without a key? Chicken and egg
__________________

F25 xDrive20d SE __ professional multimedia package | dynamic package | climate package | 309s | xline | xenons | electric seats | folding mirrors | business speakers
Appreciate 0
      08-21-2012, 04:39 PM   #35
sfax
Brigadier General
sfax's Avatar
United Kingdom
91
Rep
3,855
Posts

Drives: BMW X3 2011 F25
Join Date: Nov 2010
Location: Berkshire, UK

iTrader: (0)

Quote:
Originally Posted by cooldude00 View Post
that's somewhat both reassuring and disappointing at the same time... can't believe that bmw is still in denial...

makes me wonder whether to keep the x3 or not...
Agreed. If it gets OBD nicked the decision has been taken for you!
__________________

F25 xDrive20d SE __ professional multimedia package | dynamic package | climate package | 309s | xline | xenons | electric seats | folding mirrors | business speakers
Appreciate 0
      08-22-2012, 12:19 AM   #36
DJ Daddy-O
Private First Class
8
Rep
160
Posts

Drives: BMX X3 F25 2011
Join Date: Mar 2011
Location: West Yorkshire, UK

iTrader: (0)

I agree Sfax a bit chicken and egg. Guess they relying on you not losing both keys or I assume there is some ability to completely reload the system if you do! Costly but if that means the OBD is not vulnerable then it's worth it for the minuscule risk of a double key loss.

The most popular way to steal a car is to break into the owner's house and steal the keys. Every car is vulnerable to that.

A couple of years ago a friend had her Porsche stolen this way. The police knew whodunit and said "lucky your keys were downstairs because these guys will do whatever it takes to get the keys".

Any car can be stolen and if I am unfortunate enough for them to decide it is mine I would prefer it to be OBD stolen than have a thug in my house looking for guys.

Would the OBD risk make me change my car. No way and i am hopeful F series are not vulnerable in the same way. Might it happen. Yes, but so might a lot of other things.
Appreciate 0
      08-22-2012, 11:35 AM   #37
sfax
Brigadier General
sfax's Avatar
United Kingdom
91
Rep
3,855
Posts

Drives: BMW X3 2011 F25
Join Date: Nov 2010
Location: Berkshire, UK

iTrader: (0)

Quote:
Originally Posted by DJ Daddy-O View Post
I agree Sfax a bit chicken and egg. Guess they relying on you not losing both keys or I assume there is some ability to completely reload the system if you do! Costly but if that means the OBD is not vulnerable then it's worth it for the minuscule risk of a double key loss.

The most popular way to steal a car is to break into the owner's house and steal the keys. Every car is vulnerable to that.

A couple of years ago a friend had her Porsche stolen this way. The police knew whodunit and said "lucky your keys were downstairs because these guys will do whatever it takes to get the keys".

Any car can be stolen and if I am unfortunate enough for them to decide it is mine I would prefer it to be OBD stolen than have a thug in my house looking for guys.

Would the OBD risk make me change my car. No way and i am hopeful F series are not vulnerable in the same way. Might it happen. Yes, but so might a lot of other things.
True but there is much higher risk for the thieves including much longer prison sentences for what then becomes aggravated burglary. They might do that for Range Rovers and high end cars but not really worth it for cars like the X3 and 3 series BMWs. Weaselly thieves will take the safest, quickest option and if that means targeting cars for which you don't even need a key to steal, that's what they'll go for - which is why it's a concern for me if the F25 is affected.

Re. keys at home when you're at home, I always keep them upstairs and set the alarm downstairs. A lot of people leave them in plain view from a downstairs window which is again making it far too easy for them.

Fair point on the avoiding confrontation but I still thinker it's safer not to invite them to steal in the first place
__________________

F25 xDrive20d SE __ professional multimedia package | dynamic package | climate package | 309s | xline | xenons | electric seats | folding mirrors | business speakers
Appreciate 0
      09-13-2012, 02:09 PM   #38
DonC
Lieutenant
United_States
29
Rep
427
Posts

Drives: 2013 X3 3.5i M sport, etc
Join Date: Aug 2012
Location: near Seattle

iTrader: (0)

Over here we have the firearm option if the perp shows up in the house...
__________________
2013 X3 3.5i AW,Msprt,rear fogs,PS,CP, Tech, etc...
Other cars
2005 S2000
2018 i3S
Appreciate 0
      09-13-2012, 02:33 PM   #39
Bustofa
Lieutenant
United Kingdom
7
Rep
470
Posts

Drives: F25 X3 XDrive20D SE
Join Date: Mar 2011
Location: Washington, UK

iTrader: (0)

This posted tonight on Facebook by BMW UK in response to a comment from another BMW owner:

"As your X3 is an F25 model this does not affect you, as your vehicle has a different security system.

Kind regards
The BMW UK Facebook Team
"
Appreciate 0
      09-13-2012, 02:55 PM   #40
sfax
Brigadier General
sfax's Avatar
United Kingdom
91
Rep
3,855
Posts

Drives: BMW X3 2011 F25
Join Date: Nov 2010
Location: Berkshire, UK

iTrader: (0)

Quote:
Originally Posted by Bustofa View Post
This posted tonight on Facebook by BMW UK in response to a comment from another BMW owner:

"As your X3 is an F25 model this does not affect you, as your vehicle has a different security system.

Kind regards
The BMW UK Facebook Team
"

Good spot Bustofa. The speculation on PistonHeads suggested no F series are affected but it was never confirmed so good to read this.

That PH thread today is full of people phoning BMW's customer services and giving them an earful and they're all getting told they will be contacted in 8 weeks by their dealer for an update. If you're pre March 2007 and affected there is no fix being offered which is harsh.
__________________

F25 xDrive20d SE __ professional multimedia package | dynamic package | climate package | 309s | xline | xenons | electric seats | folding mirrors | business speakers
Appreciate 0
      09-23-2012, 02:46 PM   #41
toneus
New Member
United Kingdom
5
Rep
12
Posts

Drives: BMW X5 xDrive40d SE (on order)
Join Date: Sep 2012
Location: United Kingdom

iTrader: (0)

This from BMW

12th september


BMW on BBC Watchdog & Channel 4 News Tonight

Tonight BMW will feature as part of a piece on vehicle theft on the BBC programme Watchdog at 20:00 and on the Channel 4 News at 17:00.

You may be asked by friends and family what your view of this is, so you need to be aware of the company position.

BMW, like other manufacturers, has become the target of organised criminal operations that are targeting specific vehicles and using highly sophisticated equipment illegally to steal vehicles.

Certain criminal threats, like the one highlighted on these programmes, simply do not exist when cars are designed and developed. This does not mean the car companies have done anything wrong, neither are they legally obliged to take any action. However, BMW has always taken security extremely seriously and has worked closely with police forces around the country (and the world), with Thatcham and with the industry body, the SMMT (The Society of Motor Manufacturers and Traders) to understand and mitigate against car crime wherever possible. Therefore, when we were made aware of this new form of attack, we took it very seriously and immediately launched an investigation. A vital point to acknowledge here is that there is no such thing as the unstealable car.

There is no specific BMW security issue here, this is something which affects many brands, however organised criminals have targeted particularly desirable cars, with higher value parts and that is why BMW is amongst the brands affected. BMW prides itself on its vehicle security systems and all BMWs meet all UK and global security standards. Our engineers and technicians review all aspects of our vehicles constantly, including security systems, and after extensive research we are clear that none of our latest models - new 1 Series, 3 Series, 5 Series, 6 Series and 7 Series - nor any other BMW built after September 2011 can be stolen using the method highlighted. Given this information, no BMW UK company cars seem to be affected.


For cars built before this date our investigations, jointly with the police, have identified late model BMW X5 and X6 as cars which have been focused on by organised criminals. We are now taking steps to mitigate against this type of theft for these two models and are contacting customers accordingly. For obvious security reasons we cannot say what these measures are. We are considering options for certain other models to see if similar measures might be applied.

Should you be asked what our advice to customers on this issue is you can say:
•When using remote locking, ensure the car has actually locked by checking a door.
•Be careful with your keys and who you give them to (e.g. valet parking). There is a risk that they could be cloned.
•Where ever possible park your car out of sight, in a locked garage or under the cover of CCTV cameras
•In addition: We recommend servicing your BMW at dealerships capable of providing software updates (e.g. authorised BMW Dealerships) on a regular basis to give the opportunity of further enhancing theft protection.

Anybody seeking for further advice should contact the BMW Customer Service Centre on 0800 083 4397.
Appreciate 0
Post Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 09:06 AM.




xbimmers
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST