Automobile enthusiasts are pointing to an unusual spike in the number of BMW thefts in the U.K. this year. Expensive cars being stolen isn't anything to write home about, but the reason for this new trend definitely is: the cars in question are keyless. Multiple BMW models are being swiped without activating car alarms or immobilizers because the thieves are hacking their way into the vehicles.
On the car forum 1Addicts, a one-time poster by the name of "stolen1m" uploaded the above video showing how his BMW was stolen in under three minutes. He suspects the thieves used devices that plug into the car's On-Board Diagnostic (ODB) port to program a new keyfob.
In this particular video, there are a few security flaws that the hackers are exploiting simultaneously: there is no sensor that is triggered when the thieves initially break the window, the internal ultrasonic sensor system has a "blind spot" just in front of the OBD port, the OBD port is constantly powered (even when the car is off), and last but not least, it does not require a password. All of this means the thieves can gain complete access to the car without even entering it.
BMW has acknowledged that there is a problem, but is downplaying this particular issue by saying the whole industry struggles with thievery. This is unfortunate given that the evidence seems to point towards BMWs being specifically targeted. Whether that's because they are luxury cars or because they have a security loophole doesn't matter: the point is BMW needs to do something about it.
"The battle against increasingly sophisticated thieves is a constant challenge for all car makers. Desirable, premium-branded cars, like BMW and its competitors, have always been targeted," a BMW spokesperson told Jalopnik. "BMW has been at the forefront of vehicle security for many years and is constantly pushing the boundaries of the latest defence systems. We work closely with the authorities and with other manufacturers to achieve this. We are aware of recent claims that criminal gangs are targeting premium vehicles from a variety of manufacturers. This is an area under investigation. We have a constant dialogue with police forces to understand any patterns which may emerge. This data is used to enhance our defence systems accordingly. Currently BMW Group products meet or exceed all global legislative criteria concerning vehicle security."
BMW needs to watch the three other YouTube videos also posted in the aforementioned forum:
This is a serious problem. New cars, especially high-end ones, no longer require a physical key to be inserted into the ignition. The previous system evolved into being much more secure because it was two-tiered: metal keys that also have a chip. This new system means stealing cars (mainly BMWs so far) is extremely easy for the sophisticated criminal.
If you want to protect yourself from this hack, look into how you can disable the OBD port on your BMW by disconnecting the corresponding wires. If you or your dealer needs it, you can always reenable it. Alternatively, you can try to further secure the port in your own custom way.