Many cars no longer require a physical key and instead rely on a wireless key fob to both unlock doors and start the engine. While this may be more convenient and rather cool, it is not as secure as having a physical key with an embedded chip. This is on full display at 1Addicts.com, a site dedicated to the BMW 1 Series. A user posted security camera footage of thieves breaking into his car, cloning the wireless fob, and driving off in only three minutes.
The car has an on-board diagnostics (OBD) port on the driver’s side that allows you to plug in a diagnostic device to obtain data about the car and its potential problems. It is also used to clone new keys if the owner loses theirs, and this is the “feature” that car thieves are exploiting. They break the glass on the driver’s side, connect a diagnostic device to the OBD port, and clone a new key onto a blank key fob. Once complete, the thieves can start the car with the press of a button, just like the owner would.
There appear to be many security flaws in the vehicle that all work in concert to allow the attack. First, the car’s ultrasonic sensor system has a “blind spot” down the column in front of the OBD port, which is why the thieves stay outside of the car until they finish cloning the fob. There is also no glass breakage sensor to lock the car down when someone breaks in. The OBD port is constantly powered, even when the ignition is not on, and there is no security (password, PIN, etc) on the port.
1Addicts.com also has video showing how quick and easy it is to clone a keyfob. Its an interesting look into how easy the attack actually is. This attack can also presumably be used on other vehicle makes and models, although BMW seems to have the biggest problem at this time and it may be due to the “blind spot” in the sensor.
Source: 1Addicts Forum